Re: [squid-users] external_acl_type helper problems

2012-07-10 Thread Alan
I suggest you try the Squid 2.7 or 3.2 series.
I had some strange problems with the 3.1 series; I think external ACLs
were one of those problems.
When I tested 2.7 and 3.2, all the strange problems were gone.  I know
2.7 sounds old, but it is incredibly faster than the rest.

Regarding your script, keep in mind that Squid is able to cache
results from external acls, so even if the script is not so efficient,
you can take advantage of that caching. Read the docs on external
acls.
But anyway, if you post your script someone might be able to help with
that as well.

On Mon, Jul 9, 2012 at 6:32 PM, ml ml mliebher...@googlemail.com wrote:
> Hello List,
>
> I am using a Perl script for ACL like this:
>
> external_acl_type ldap_surfer negative_ttl=60  ttl=60 children=200
> %DST %SRC /etc/squid/ldap_default_allow.pl
> acl ldap_users external ldap_surfer
> http_access allow ldap_users
>
> However, after a Squid upgrade from squid-3.1.0.14 to squid-3.1.19 I
> am getting DENIED requests. When I turn on ACL debug I see this:
> ACL::ChecklistMatches: result for 'ldap_users' is -1
>
> My /etc/squid/ldap_default_allow.pl Perl script might not be the best
> (I am doing some LDAP and MySQL stuff in there), so I modified it to
> a very simple script:
>
>
> #!/usr/bin/perl
> use strict;
>
> $|=1;
> while(defined(my $INPUT = <STDIN>)) {
>     print "OK\n";
>     next;
> }
>
>
> I have about 300 clients and the traffic is quite high. I have the
> feeling that Squid or the script is not very efficient.
> Can I use concurrency=X here with this Perl script? Am I using the
> syntax right? Or am I doing anything wrong?
>
> Thanks,
> Mario


[squid-users] external_acl_type helper problems

2012-07-09 Thread ml ml
Hello List,

I am using a Perl script for ACL like this:

external_acl_type ldap_surfer negative_ttl=60  ttl=60 children=200
%DST %SRC /etc/squid/ldap_default_allow.pl
acl ldap_users external ldap_surfer
http_access allow ldap_users

However, after a Squid upgrade from squid-3.1.0.14 to squid-3.1.19 I
am getting DENIED requests. When I turn on ACL debug I see this:
ACL::ChecklistMatches: result for 'ldap_users' is -1

My /etc/squid/ldap_default_allow.pl Perl script might not be the best
(I am doing some LDAP and MySQL stuff in there), so I modified it to
a very simple script:


#!/usr/bin/perl
use strict;

$|=1;
while(defined(my $INPUT = <STDIN>)) {
    print "OK\n";
    next;
}


I have about 300 clients and the traffic is quite high. I have the
feeling that Squid or the script is not very efficient.
Can I use concurrency=X here with this Perl script? Am I using the
syntax right? Or am I doing anything wrong?

Thanks,
Mario


Re: [squid-users] external_acl_type helper problems

2012-07-09 Thread Amos Jeffries

On 9/07/2012 9:32 p.m., ml ml wrote:

> Hello List,
>
> I am using a Perl script for ACL like this:
>
> external_acl_type ldap_surfer negative_ttl=60  ttl=60 children=200
> %DST %SRC /etc/squid/ldap_default_allow.pl
> acl ldap_users external ldap_surfer
> http_access allow ldap_users
>
> However, after a Squid upgrade from squid-3.1.0.14 to squid-3.1.19 I
> am getting DENIED requests. When I turn on ACL debug I see this:
> ACL::ChecklistMatches: result for 'ldap_users' is -1


-1 means waiting for a reply from the helper. There should be a followup 
check with 0/1 result when Squid actually receives the helper reply.




> My /etc/squid/ldap_default_allow.pl Perl script might not be the best
> (I am doing some LDAP and MySQL stuff in there), so I modified it to
> a very simple script:
>
>
> #!/usr/bin/perl
> use strict;
>
> $|=1;
> while(defined(my $INPUT = <STDIN>)) {
>     print "OK\n";
>     next;
> }
>
>
> I have about 300 clients and the traffic is quite high. I have the
> feeling that Squid or the script is not very efficient.
> Can I use concurrency=X here with this Perl script? Am I using the
> syntax right? Or am I doing anything wrong?


That is correct for a non-concurrent always-OK helper.

Concurrency would be better if you can add it. But for figuring out what
is wrong, what you have seems fine, although I've not seen that variable
defined in while() parameter syntax before, so I can't say myself if there
is anything right or wrong about it.


I recommend adding a -d flag to your helper that produces debugging 
messages about what it is doing on stderr.


Amos
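
An added example (not part of the thread and not code from any of the posters) of the two suggestions in the last reply: a helper that speaks the concurrent protocol and takes a -d flag for debugging on stderr. It assumes concurrency=N has been added to the external_acl_type line with the same %DST %SRC format; is_allowed is a hypothetical stub standing in for the real LDAP/MySQL lookup.

```perl
#!/usr/bin/perl
# Added example: concurrent external ACL helper with a -d debug flag.
use strict;
use warnings;
use Getopt::Std;

my %opt;
getopts('d', \%opt) or die "usage: $0 [-d]\n";

$| = 1;    # unbuffered STDOUT: Squid waits for each reply line

# Debug output goes to STDERR only; STDOUT is reserved for replies.
sub debug {
    printf STDERR "helper[%d]: %s\n", $$, "@_" if $opt{d};
}

# Hypothetical policy hook (assumption): return true to allow.
# This stub allows everything, like the test script in the thread.
sub is_allowed {
    my ($dst, $src) = @_;
    return 1;
}

# Turn one request line into one reply line.
# With concurrency=N the request is "<channel-id> <%DST> <%SRC>" and the
# reply must begin with the same channel id so Squid can match it up.
sub handle_line {
    my ($line) = @_;
    $line =~ s/[\r\n]+\z//;
    my ($id, $dst, $src) = split ' ', $line;
    my $has_id = defined $id && $id =~ /\A\d+\z/;
    unless ($has_id && defined $dst && defined $src) {
        debug("malformed request: '$line'");
        return $has_id ? "$id ERR" : "ERR";    # fail closed
    }
    my $verdict = is_allowed($dst, $src) ? 'OK' : 'ERR';
    debug("channel=$id dst=$dst src=$src -> $verdict");
    return "$id $verdict";
}

while (defined(my $line = <STDIN>)) {
    print handle_line($line), "\n";
}
debug("stdin closed, exiting");
```

Run it by hand with -d and type a line such as "0 example.com 192.0.2.10" (constructed sample input) to see the reply on stdout and the trace on stderr before pointing Squid at it.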