Possible Bug? "parameters()" syntax in acl dstdomain results in rule not working?


Possible Bug? "parameters()" syntax in acl dstdomain results in rule not working?

paul-3
Hello,

I am running squid 3.5.23 on Debian 9. My goal was to try to set up a simple proxy server for whitelisting.

It's working now, but I had some difficulty. In the release notes I came across this example:

http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23-RELEASENOTES.html#s3

It shows specifying a whitelist like so:

acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")

So I tried this, and spent quite some time trying to figure out why it didn't work. I got no errors, but this rule seemed to cause rejection of all destination domains.

I finally realized there appeared to be something wrong with the "parameters" handling of the external file, and turned it into:

acl WHITELIST dstdomain "/etc/squid/whitelist.txt"

With that one change it worked properly.

Is this a known bug?

Thanks,

Paul

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Possible Bug? "parameters()" syntax in acl dstdomain results in rule not working?

Alex Rousskov
On 03/21/2018 11:45 AM, [hidden email] wrote:

> Hello,
>
> I am running squid 3.5.23 on Debian 9. My goal was to try to set up a
> simple proxy server for whitelisting.
>
> It's working now, but I had some difficulty. In the release notes I came
> across this example:
>
> http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23-RELEASENOTES.html#s3
>
> It shows specifying a whitelist like so:
>
> acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
>
> So I tried this, and spent quite some time trying to figure out why it
> didn't work. I got no errors, but this rule seemed to cause rejection of
> all destination domains.
>
> I finally realized there appeared to be something wrong with the
> "parameters" handling of the external file, and turned it into:
>
> acl WHITELIST dstdomain "/etc/squid/whitelist.txt"
>
> With that one change it worked properly.
>
> Is this a known bug?

IIRC, to use parameters(), you need to turn
configuration_includes_quoted_values on:

http://www.squid-cache.org/Doc/config/configuration_includes_quoted_values/

Unfortunately, it is extremely difficult to upgrade squid.conf syntax
from the current ad hoc mess to something that can be easily validated,
extended, and improved. That directive was an attempt to solve one of
the major existing syntax problems (handling of spaces in directive
parameters), but we could not enable it by default because it could
cause difficult-to-detect problems in existing configurations. There
were also some regex-related problems IIRC.

AFAIK, nobody is working on improving this further. Rejecting or warning
about "parameters(" when configuration_includes_quoted_values is off
would be one of those improvements.


HTH,

Alex.
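
The warning described in the reply above (flagging "parameters(" when configuration_includes_quoted_values is off) can be approximated with a check run outside Squid. This is an added example, not part of the original thread and not Squid's own code. The function name `lint_parameters` and the sample configuration are made up for illustration, and the check assumes the directive only affects the lines that follow it.

```python
import re

# Constructed sample configuration for illustration, not from a real deployment.
SAMPLE_CONF = """\
# whitelist-only proxy
acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
http_access allow whitelist
http_access deny all
configuration_includes_quoted_values on
acl later dstdomain parameters("/etc/squid/later.txt")
"""

PARAM_RE = re.compile(r'\bparameters\(')
TOGGLE = "configuration_includes_quoted_values"


def lint_parameters(conf_text):
    """Return (line_number, line) for each parameters( use found while
    configuration_includes_quoted_values is off (Squid's default)."""
    quoted_values = False
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        tokens = line.split()
        if tokens[0] == TOGGLE and len(tokens) > 1:
            # Assumption: the setting applies to the lines after it.
            quoted_values = tokens[1].lower() == "on"
            continue
        if not quoted_values and PARAM_RE.search(line):
            findings.append((num, line))
    return findings


if __name__ == "__main__":
    for num, line in lint_parameters(SAMPLE_CONF):
        print(f"line {num}: parameters() used while {TOGGLE} is off: {line}")
```

Running it against a squid.conf before a reload catches the case from the first message, where the ACL loaded without errors but matched no destination domains.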