[squid-users] Forcing squid to fail when the whitelist doesn't exist
Matthew Macdonald-Wallace
matt at mockingbirdconsulting.co.uk
Tue Jul 7 17:57:01 UTC 2020
On Tue, 7 Jul 2020 at 18:53, Alex Rousskov <rousskov at measurement-factory.com>
wrote:
> On 7/7/20 10:52 AM, Matthew Macdonald-Wallace wrote:
>
> > We're re-configuring a squid proxy solution for a client and as part of
> > it we made the assumption that squid would fail if we asked it to read a
> > whitelist that wasn't present.
> >
> > We've now discovered that Squid fails to read the file, throws an error
> > in the log ( Error: Cannot open file /etc/squid/whitelist.txt for
> > reading ), and then starts up anyway
>
> Yes, this kind of error ignorance is an old known Squid problem. Some
> developers have thought that it is better to start Squid "if at all
> possible" than to fail on (in their view "minor") error. New features
> are usually more "conservative", but even now that "conservative"
> approach does not always win.
>
> IMO, quality pull requests making missing files a fatal configuration
> error should be welcomed. They may not be backported to stable versions,
> of course. The solution would probably revolve around throwing an
> exception in ConfigParser::strtokFile(). Making missing file treatment
> configurable, especially on a per-file basis should be welcomed as well,
> probably by extending the new parameters syntax mentioned below.
>
>
Thanks, it did seem a bit odd as a default behaviour, good to know
something like this would be welcomed (by you at least!).
> Meanwhile, try using the newer parameters() syntax instead of abusing
> double quotes. It should work the way you expect. Here is the
> corresponding quote from squid.conf.documented:
>
> > Squid supports reading configuration option parameters from external
> > files using the syntax:
> > parameters("/path/filename")
> > For example:
> > acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
>
>
I'll check the version that we're running and see if I can do this. I
suspect that due to "enterprise requirements" our version won't be the
latest, but hopefully it will support this.
Thanks again,
Matt
--
--
Mockingbird Consulting
Connecting you with your environment
w:
www.mockingbirdconsulting.co.uk <http://www.mockingbirdconsulting.co.uk/>
e: info at mockingbirdconsulting.co.uk
<mailto:matt at mockingbirdconsulting.co.uk>
t: +44 (0) 1600 717142
Bridges
Centre,
Drybridge House,
Monmouth,
NP25 5AS
Registered in England and
Wales, Company Number 10488438
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200707/61a474c3/attachment.html>
More information about the squid-users
mailing list