Re: [squid-users] external_acl_type helper problems
I suggest you to try with squid 2.7 or 3.2 series. I had some strange problems with the 3.1 series, I think external acls was one of those problems. When I tested 2.7 and 3.2, all the strange problems were gone. I know 2.7 sounds old, but it is incredibly faster than the rest. Regarding your script, keep in mind that Squid is able to cache results from external acls, so even if the script is not so efficient, you can take advantage of that caching. Read the docs on external acls. But anyway, if you post your script someone might be able to help with that as well. On Mon, Jul 9, 2012 at 6:32 PM, ml ml mliebher...@googlemail.com wrote: Hello List, i am using a perl script for ACL like this: external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200 %DST %SRC /etc/squid/ldap_default_allow.pl acl ldap_users external ldap_surfer http_access allow ldap_users However, after a squid upgrade from squid-3.1.0.14 to squid-3.1.19 i am getting DENIED request. When i turn on ACL Debug i seee this: ACL::ChecklistMatches: result for 'ldap_users' is -1 My /etc/squid/ldap_default_allow.pl perl script might not be the best ( i am doing some ldap and mysql stuff in there), so i modified it to a very simple script: #!/usr/bin/perl use strict; $|=1; while(defined(my $INPUT = STDIN)) { print OK\n; next; } I have about 300 Clients and the traffic is quite high. I have the feeling that squid or the script is not very efficent. Can i use concurrency=X here with this perl script? Am i using the syntax right? Or am i doing anything wrong? Thanks, Mario
[squid-users] external_acl_type helper problems
Hello List, i am using a perl script for ACL like this: external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200 %DST %SRC /etc/squid/ldap_default_allow.pl acl ldap_users external ldap_surfer http_access allow ldap_users However, after a squid upgrade from squid-3.1.0.14 to squid-3.1.19 i am getting DENIED request. When i turn on ACL Debug i seee this: ACL::ChecklistMatches: result for 'ldap_users' is -1 My /etc/squid/ldap_default_allow.pl perl script might not be the best ( i am doing some ldap and mysql stuff in there), so i modified it to a very simple script: #!/usr/bin/perl use strict; $|=1; while(defined(my $INPUT = STDIN)) { print OK\n; next; } I have about 300 Clients and the traffic is quite high. I have the feeling that squid or the script is not very efficent. Can i use concurrency=X here with this perl script? Am i using the syntax right? Or am i doing anything wrong? Thanks, Mario
Re: [squid-users] external_acl_type helper problems
On 9/07/2012 9:32 p.m., ml ml wrote: Hello List, i am using a perl script for ACL like this: external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200 %DST %SRC /etc/squid/ldap_default_allow.pl acl ldap_users external ldap_surfer http_access allow ldap_users However, after a squid upgrade from squid-3.1.0.14 to squid-3.1.19 i am getting DENIED request. When i turn on ACL Debug i seee this: ACL::ChecklistMatches: result for 'ldap_users' is -1 -1 means waiting for a reply from the helper. There should be a followup check with 0/1 result when Squid actually receives the helper reply. My /etc/squid/ldap_default_allow.pl perl script might not be the best ( i am doing some ldap and mysql stuff in there), so i modified it to a very simple script: #!/usr/bin/perl use strict; $|=1; while(defined(my $INPUT = STDIN)) { print OK\n; next; } I have about 300 Clients and the traffic is quite high. I have the feeling that squid or the script is not very efficent. Can i use concurrency=X here with this perl script? Am i using the syntax right? Or am i doing anything wrong? That is correct for a non-concurrent always-OK helper. concurrency would be better if you can add it. But for figuring out what is wrong what you have seems fine, although I've not seen that variable defined in while() parameter syntax before so can't say myself if there is anything right or wrong about it. I recommend adding a -d flag to your helper that produces debugging messages about what it is doing on stderr. Amos