Thank you.  In regards to the external ACL helper, would I basically say 
something like:

external_acl_type foo %URL /path/to/my/helper

And then have my helper compare the contents of %URL to the mirror list and 
spit out "OK" for pass or "ERR" for fail?

Thanks,

j


----- Original Message -----
From: "Alex Rousskov" <rouss...@measurement-factory.com>
To: squid-users@lists.squid-cache.org
Cc: "Jason Nance" <ja...@tresgeek.net>
Sent: Tuesday, March 21, 2017 4:42:33 PM
Subject: Re: [squid-users] URL list from a URL

On 03/21/2017 02:30 PM, Jason B. Nance wrote:

> I should have mentioned that I'm not caching, I'm only using Squid
> for whitelisting in this case.  Would you still say this is the right
> path? 

No. You probably have two better options:

1. Use a file with list of mirror URLs as an ACL parameter. Write a
script that updates that file and reconfigures Squid as needed. Please
keep in mind that Squid reconfiguration is currently a relatively
heavy/intrusive operation, even if there were not changes except for
that single ACL.

2. Write an external_acl helper that will consult the mirror list. This
will make each HTTP transaction a little slower (because it needs to go
to the helper) but eliminates reconfigurations. The helper itself or
some other script will still need to update the mirror list as needed,
of course.


HTH,

Alex.




>> Hello,
>>
>> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which 
>> retrieves the list of URLs from another URL (similar to pointing to a file). 
>>  In this specific use case it is to allow a Foreman server to sync Yum 
>> content from the CentOS mirrors.  I tell Foreman to use the following URL:
>>
>> http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
>>
>> Which returns a list of URLs, such as:
>>
>> http://repo1.dal.innoscale.net/centos/7.3.1611/updates/x86_64/
>> http://linux.mirrors.es.net/centos/7.3.1611/updates/x86_64/
>> http://reflector.westga.edu/repos/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.jax.hugeserver.com/centos/7.3.1611/updates/x86_64/
>> http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.nexcess.net/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.web-ster.com/centos/7.3.1611/updates/x86_64/
>> http://centos.host-engine.com/7.3.1611/updates/x86_64/
>> http://mirror.raystedman.net/centos/7.3.1611/updates/x86_64/
>> http://mirror.linux.duke.edu/pub/centos/7.3.1611/updates/x86_64/
>>
>> Foreman then starts a new HTTP connection (not a redirect) to attempt to 
>> connect to those in turn until it works.
>>
>> So I would like to configure Squid to allow the Foreman server access to any 
>> of those URLs (the list changes somewhat often).
>>
>> I started to go down the external_acl_type but am wondering if I'm missing 
>> something obvious.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to