[squid-users] Forcing squid to fail when the whitelist doesn't exist

Matthew Macdonald-Wallace matt at mockingbirdconsulting.co.uk
Tue Jul 7 17:57:01 UTC 2020


On Tue, 7 Jul 2020 at 18:53, Alex Rousskov <rousskov at measurement-factory.com>
wrote:

> On 7/7/20 10:52 AM, Matthew Macdonald-Wallace wrote:
>
> > We're re-configuring a squid proxy solution for a client and as part of
> > it we made the assumption that squid would fail if we asked it to read a
> > whitelist that wasn't present.
> >
> > We've now discovered that Squid fails to read the file, throws an error
> > in the log ( Error: Cannot open file /etc/squid/whitelist.txt for
> > reading ), and then starts up anyway.
>
> Yes, this kind of error ignorance is an old known Squid problem. Some
> developers have thought that it is better to start Squid "if at all
> possible" than to fail on (in their view "minor") error. New features
> are usually more "conservative", but even now that "conservative"
> approach does not always win.
>
> IMO, quality pull requests making missing files a fatal configuration
> error should be welcomed. They may not be backported to stable versions,
> of course. The solution would probably revolve around throwing an
> exception in ConfigParser::strtokFile(). Making missing file treatment
> configurable, especially on a per-file basis should be welcomed as well,
> probably by extending the new parameters syntax mentioned below.
>
>
Thanks, it did seem a bit odd as a default behaviour, good to know
something like this would be welcomed (by you at least!).


> Meanwhile, try using the newer parameters() syntax instead of abusing
> double quotes. It should work the way you expect. Here is the
> corresponding quote from squid.conf.documented:
>
> > Squid supports reading configuration option parameters from external
> > files using the syntax:
> >     parameters("/path/filename")
> > For example:
> >     acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
>
>
I'll check the version that we're running and see if I can do this.  I
suspect that due to "enterprise requirements" our version won't be the
latest, but hopefully it will support this.

Thanks again,

Matt

-- 
Mockingbird Consulting

Connecting you with your environment

w: www.mockingbirdconsulting.co.uk <http://www.mockingbirdconsulting.co.uk/>
e: info at mockingbirdconsulting.co.uk <mailto:matt at mockingbirdconsulting.co.uk>
t: +44 (0) 1600 717142

Bridges Centre,
Drybridge House,
Monmouth,
NP25 5AS

Registered in England and Wales, Company Number 10488438
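
A pre-start check for the behaviour discussed in this message, as an added example that is not part of the original post and is not Squid project code: it collects the files named on `acl` lines, in both the double-quoted and the `parameters()` forms, and returns non-zero when one is missing so that a wrapper can refuse to start Squid. It assumes absolute paths without whitespace; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Squid project code): refuse to start Squid when a file
# named on an acl line is missing. Assumes absolute paths without whitespace.

# Print every file path that acl lines load values from, in either the
# old "/path" form or the parameters("/path") form.
list_acl_files() {
    sed -e 's/#.*$//' "$1" | awk '$1 == "acl" {
        for (i = 4; i <= NF; i++) {
            tok = $i
            sub(/^parameters\(/, "", tok)    # parameters("/p") -> "/p")
            sub(/\)$/, "", tok)              # "/p") -> "/p"
            if (tok ~ /^"\/.*"$/) print substr(tok, 2, length(tok) - 2)
        }
    }'
}

# Return 0 when every referenced file is a readable regular file, 1 when
# any is not, 2 when the config itself cannot be read.
check_squid_acl_files() {
    [ -r "$1" ] || { echo "cannot read config: $1" >&2; return 2; }
    bad=0
    for f in $(list_acl_files "$1"); do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "FATAL: acl file missing or unreadable: $f" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: one list that exists, one that does not.
demo() {
    d=$(mktemp -d) || return 2
    echo "example.com" > "$d/present.txt"
    cat > "$d/squid.conf" <<EOF
acl ok dstdomain parameters("$d/present.txt")
acl whitelist dstdomain "$d/whitelist.txt"   # old quoted form, file absent
http_access allow whitelist
EOF
    check_squid_acl_files "$d/squid.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With a config path as argument, check it; with no argument, run the demo.
if [ "$#" -gt 0 ]; then check_squid_acl_files "$1"; else demo || true; fi
```

Run with the configuration path as its argument ahead of the Squid start command, so that a non-zero exit status stops the service from coming up.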