[squid-users] Possible Bug? "parameters()" syntax in acl dstdomain results in rule not working?
Alex Rousskov
rousskov at measurement-factory.com
Wed Mar 21 18:07:31 UTC 2018
On 03/21/2018 11:45 AM, paul at thepottshouse.org wrote:
> Hello,
>
> I am running squid 3.5.23 on Debian 9. My goal was to try to set up a
> simple proxy server for whitelisting.
>
> It's working now, but I had some difficulty. In the release notes I came
> across this example:
>
> http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23-RELEASENOTES.html#s3
>
> It shows specifying a whitelist like so:
>
> acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
>
> So I tried this, and spent quite some time trying to figure out why it
> didn't work. I got no errors, but this rule seemed to cause rejection of
> all destination domains.
>
> I finally realized there appeared to be something wrong with the
> "parameters" handling of the external file, and turned it into:
>
> acl WHITELIST dstdomain "/etc/squid/whitelist.txt"
>
> With that one change it worked properly.
>
> Is this a known bug?
IIRC, to use parameters(), you need to turn
configuration_includes_quoted_values on:
http://www.squid-cache.org/Doc/config/configuration_includes_quoted_values/
Unfortunately, it is extremely difficult to upgrade squid.conf syntax
from the current ad hoc mess to something that can be easily validated,
extended, and improved. That directive was an attempt to solve one of
the major existing syntax problems (handling of spaces in directive
parameters), but we could not enable it by default because it could
cause difficult-to-detect problems in existing configurations. There
were also some regex-related problems IIRC.
AFAIK, nobody is working on improving this further. Rejecting or warning
about "parameters(" when configuration_includes_quoted_values is off
would be one of those improvements.
HTH,
Alex.
More information about the squid-users
mailing list