On 23/05/17 13:25, avi_h wrote:
Hi,
I'm currently using the DB authentication (squid_db_auth).
This works flawlessly, however I have a need to enable authentication by a
list of IPs.
What do you mean by that exactly?
I tried using a simple ACL, but it's not dynamic so that doesn't answer my
need.
So I'm trying to create an external ACL.
For some reason the external ACL isn't working.
In order to check this, I commented out all the configs of squid_db_auth.
Please see the configurations below:
external_acl_type ip_checker children-max=20 %SRC
/usr/lib64/squid/ip_checker.sh
acl allowed_ips external ip_checker
http_access allow allowed_ips
cat /usr/lib64/squid/ip_checker.sh
#!/bin/bash
while read ip
do
if ! grep -w "$ip" /etc/squid/allowed_ips.txt ; then
echo "ERR"
else echo "OK"
fi
done
cat /etc/squid/allowed_ips.txt
192.168.1.1
The error message I'm getting:
2017/05/23 01:33:09.160 kid1| 82,2| external_acl.cc(786) aclMatchExternal:
ip_checker("192.168.1.1") = lookup needed
2017/05/23 01:33:09.160 kid1| WARNING: external ACL 'ip_checker' queue
overload. Request rejected '192.168.1.1'.
For some reason your helper is not coping with the amount of traffic
going through your Squid, even with 20 processes running.
I don't see anything particularly wrong with the script logic, maybe
just the inefficiency of using bash and grep?
or perhapse how you are designing the http_access sequence? order
matters a lot.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
