Squid not sending input into external_acl_type helper script

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid not sending input into external_acl_type helper script

Ajb B
So I have a external_acl_type helper script and it's not reading input from Squid.

Here it is:

redis-cli HSET 'test' data 'SCRIPT DID RUN' >/dev/null

while read -s line; do
  redis-cli HSET 'test' data 'LOOP STARTED ' >/dev/null
  printf '%s\n' 'OK'
done

And here are my Squid configuration directives:

external_acl_type ex_parent_proxy %LOGIN /etc/squid/squid-access-control.sh
acl parent_proxy_1 external ex_parent_proxy
http_access allow parent_proxy_1

When I test it out, the 'SCRIPT DID RUN' value does get set in the database. However, 'LOOP STARTED' does not. Any idea why? I have used helper scripts for the 'auth_param basic program' configuration directive and it works just fine.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid not sending input into external_acl_type helper script

Alex Rousskov
On 9/25/20 4:28 PM, Ajb B wrote:

> So I have a external_acl_type helper script and it's not reading input
> from Squid.
>
> Here it is:
>
> redis-cli HSET 'test' data 'SCRIPT DID RUN' >/dev/null
>
> while read -s line; do
>   redis-cli HSET 'test' data 'LOOP STARTED ' >/dev/null
>   printf '%s\n' 'OK'
> done
>
> And here are my Squid configuration directives:
>
> external_acl_type ex_parent_proxy %LOGIN /etc/squid/squid-access-control.sh
> acl parent_proxy_1 external ex_parent_proxy
> http_access allow parent_proxy_1
>
> When I test it out, the 'SCRIPT DID RUN' value does get set in the
> database. However, 'LOOP STARTED' does not. Any idea why?

Perhaps access is granted (or denied) by an earlier http_access rule?

If no test transactions are currently denied, then, to test the above
theory, you can add an "http_access deny all" rule immediately
before/above your "http_access allow parent_proxy_1" rule and see
whether Squid starts denying any test transactions. If it does not, the
theory is probably correct.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid not sending input into external_acl_type helper script

Ajb B
Eeehhhh, you were right.

It was a configuration directive. Even though putting 'http_access deny all' didn't fix the issue, I was able to make the loop run by commenting out the following configuration directives:

acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Completely didn't realize they were preventing Squid from passing input into the script.

Thanks Alex!

Adrian
On Saturday, September 26, 2020, 10:17:53 AM CDT, Alex Rousskov <[hidden email]> wrote:


On 9/25/20 4:28 PM, Ajb B wrote:

> So I have a external_acl_type helper script and it's not reading input
> from Squid.
>
> Here it is:
>
> redis-cli HSET 'test' data 'SCRIPT DID RUN' >/dev/null
>
> while read -s line; do
>   redis-cli HSET 'test' data 'LOOP STARTED ' >/dev/null
>   printf '%s\n' 'OK'
> done
>
> And here are my Squid configuration directives:
>
> external_acl_type ex_parent_proxy %LOGIN /etc/squid/squid-access-control.sh
> acl parent_proxy_1 external ex_parent_proxy
> http_access allow parent_proxy_1
>
> When I test it out, the 'SCRIPT DID RUN' value does get set in the
> database. However, 'LOOP STARTED' does not. Any idea why?

Perhaps access is granted (or denied) by an earlier http_access rule?

If no test transactions are currently denied, then, to test the above
theory, you can add an "http_access deny all" rule immediately
before/above your "http_access allow parent_proxy_1" rule and see
whether Squid starts denying any test transactions. If it does not, the
theory is probably correct.

Alex.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users