[squid-users] Forcing squid to fail when the whitelist doesn't exist

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 7 17:52:49 UTC 2020


On 7/7/20 10:52 AM, Matthew Macdonald-Wallace wrote:

> We're re-configuring a squid proxy solution for a client and as part of
> it we made the assumption that squid would fail if we asked it to read a
> whitelist that wasn't present.
> 
> We've now discovered that Squid fails to read the file, throws an error
> in the log ( Error: Cannot open file /etc/squid/whitelist.txt for
> reading ), and then starts up anyway

Yes, this kind of error ignorance is an old known Squid problem. Some
developers have thought that it is better to start Squid "if at all
possible" than to fail on a (in their view "minor") error. New features
are usually more "conservative", but even now that "conservative"
approach does not always win.

IMO, quality pull requests making missing files a fatal configuration
error should be welcomed. They may not be backported to stable versions,
of course. The solution would probably revolve around throwing an
exception in ConfigParser::strtokFile(). Making missing file treatment
configurable, especially on a per-file basis, should be welcomed as well,
probably by extending the new parameters syntax mentioned below.

Meanwhile, try using the newer parameters() syntax instead of abusing
double quotes. It should work the way you expect. Here is the
corresponding quote from squid.conf.documented:

> Squid supports reading configuration option parameters from external
> files using the syntax:
>     parameters("/path/filename")
> For example:
>     acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")


HTH,

Alex.
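
Added example, not part of the original message and not Squid's own tooling: a pre-start check that fails closed when a file referenced from an `acl` line is missing or unreadable, covering both the double-quoted form and the `parameters("...")` form discussed in this thread. The function names are hypothetical, and it assumes the referenced paths are absolute and double-quoted.

```shell
#!/bin/sh
# Added example: refuse to start Squid when an ACL list file is absent.
# Assumption: list files appear on acl lines as "/abs/path" or
# parameters("/abs/path"); relative paths are not examined.

# list_acl_files CONF: print each distinct file path referenced by an acl line.
list_acl_files() {
    # Commented-out lines do not match the acl pattern, so they are skipped.
    grep -E '^[[:space:]]*acl[[:space:]]' "$1" \
        | grep -oE '"/[^"]+"' \
        | tr -d '"' \
        | sort -u
}

# check_acl_files CONF: print one line per problem file.
# Returns 0 if all files are usable, 1 if any is not, 2 if CONF is unreadable.
check_acl_files() {
    if [ ! -r "$1" ]; then
        echo "unreadable config: $1"
        return 2
    fi
    problems=$(list_acl_files "$1" | while IFS= read -r f; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"
        elif [ ! -r "$f" ]; then
            echo "unreadable: $f"
        fi
    done)
    if [ -z "$problems" ]; then
        return 0
    fi
    printf '%s\n' "$problems"
    return 1
}

# Invoked with a config path: exit non-zero so a service manager or wrapper
# script stops before launching Squid. With no argument, only the functions
# above are defined.
if [ "$#" -gt 0 ]; then
    check_acl_files "$1" || { echo "ACL file check failed; not starting Squid" >&2; exit 1; }
fi
```

Run it as the same user Squid uses to read its configuration, since a readability test performed as root succeeds on files that user cannot open.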

