I got the external acl setup to work, it had some bugs but I notice something that maybe through configuration I can fix.
It's a configuration external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 negative_ttl=10 children-max=50 children-startup=10 children-idle=5 %LOGIN /usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr" --user squidmgr --password squ1dmgr --table "proxy_usuario" --uidcol "identificador" --usercol "identificador" --cond "overcuote = 1" --debug acl OVERCUOTE external CHECKOVERCUOTE It generate: SELECT identificador AS 'user', '' AS 'tag' FROM proxy_usuario WHERE (identificador = ?) AND overcuote =1 UID queried: 'frizquierdo - ' # when user identifier authenticated on squid is 'frizquierdo' The user identifier generated by the ext_sql_session_acl query is made up of the user identifier +space+ hyphen +space, for example (for 'frizquierdo' identifier, 'frizquierdo - ' is generated), so in the database it would have to be the user identifier stored in that format. Is there a directive that guarantees that the parameter is not created that way? El mié, 29 mar 2023 a las 8:00, <squid-users-requ...@lists.squid-cache.org> escribió: > Send squid-users mailing list submissions to > squid-users@lists.squid-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.squid-cache.org/listinfo/squid-users > or, via email, send a message with subject or body 'help' to > squid-users-requ...@lists.squid-cache.org > > You can reach the person managing the list at > squid-users-ow...@lists.squid-cache.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > > 1. Re: squid-users Digest, Vol 103, Issue 22 (Francisco) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 28 Mar 2023 11:46:29 -0400 > From: Francisco <frizquierd...@gmail.com> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 22 > Message-ID: > < > cajxdoba8sokfbzweg-gidylb6-r-hjyg__qjccf6iq2zqju...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > In my previous email I was missing part of the text when I sent it, I > deleted it by mistake. > This is what I have so far: > > I try to make the following config: > external_acl_type CHECKOVERCUOTE ttl=5 negative_ttl=5 children-max=10 > children-startup=5 %ACL /usr/lib/squid/ext_sql_session_acl --dsn > "DBI:mysql:database=squidmgr" --user squidmgr --password squidmgr --table > "proxy_usuario" uidcol "id" --usercol "identificador" --cond "overcuote=1" > --persist > acl OVERCUOTE external CHECKOVERCUOTE > > http_access allow CONNECT SSL_ports !dominio_cuba usuarios_internet > macs_red_local red_local !OVERCUOTE > > --cond "overcuote=1" is the field in database that it's set to 1 when user > calc overcuote. > > if i try ext_sql_session_acl from terminal, i see: > ERR message="unknow UID ' '" > > > > El mar, 28 mar 2023 a las 8:00, <squid-users-requ...@lists.squid-cache.org > > > escribi?: > > > Send squid-users mailing list submissions to > > squid-users@lists.squid-cache.org > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.squid-cache.org/listinfo/squid-users > > or, via email, send a message with subject or body 'help' to > > squid-users-requ...@lists.squid-cache.org > > > > You can reach the person managing the list at > > squid-users-ow...@lists.squid-cache.org > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of squid-users digest..." > > > > > > Today's Topics: > > > > 1. Re: squid-users Digest, Vol 103, Issue 21 (Francisco) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Mon, 27 Mar 2023 18:09:10 -0400 > > From: Francisco <frizquierd...@gmail.com> > > To: squid-users@lists.squid-cache.org > > Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 21 > > Message-ID: > > <CAJXDObaQz4X2g= > > y5uh3u6npmoafa-rygpwmvfed6beynszf...@mail.gmail.com> > > Content-Type: text/plain; charset="utf-8" > > > > Sorry, I don't understand how to combine *ext_sql_session_acl* with > > anothers acl of type dstdomain for example, becasue I need calc user's > > cuote only for an certains sites (domains, and sites). > > > > > > El lun, 27 mar 2023 a las 8:00, < > squid-users-requ...@lists.squid-cache.org > > > > > escribi?: > > > > > Send squid-users mailing list submissions to > > > squid-users@lists.squid-cache.org > > > > > > To subscribe or unsubscribe via the World Wide Web, visit > > > http://lists.squid-cache.org/listinfo/squid-users > > > or, via email, send a message with subject or body 'help' to > > > squid-users-requ...@lists.squid-cache.org > > > > > > You can reach the person managing the list at > > > squid-users-ow...@lists.squid-cache.org > > > > > > When replying, please edit your Subject line so it is more specific > > > than "Re: Contents of squid-users digest..." > > > > > > > > > Today's Topics: > > > > > > 1. Re: squid 5.7 Bad request from parent cache after squid -k > > > reconfigure (Amos Jeffries) > > > > > > > > > ---------------------------------------------------------------------- > > > > > > Message: 1 > > > Date: Mon, 27 Mar 2023 05:05:02 +1300 > > > From: Amos Jeffries <squ...@treenet.co.nz> > > > To: squid-users@lists.squid-cache.org > > > Subject: Re: [squid-users] squid 5.7 Bad request from parent cache > > > after squid -k reconfigure > > > Message-ID: <bfd2a571-02d1-2cff-690c-59caf55a0...@treenet.co.nz> > > > Content-Type: text/plain; charset=UTF-8; format=flowed > > > > > > On 24/03/2023 2:34 pm, Francisco wrote: > > > > Hi, (first Iapologize for my English) I have a local squid proxy in > > > > forward mode, with parent cache. I'm trying calc and restrict > > > > authenticated users that reach the assigned cuote on certains domains > > > > and sites, and for that I store the access log into database that > > > > match determinates ACL. > > > > > > > Every one minute run an script that calc http_size for every user > from > > > > database (leaving out logs records derived from TCP_HIT_, zero size, > > > > NONE, etc, etc), and those users that get her assigned limit, I put > > > > them into a file (that point to an access deny_rule), and make squid > > > > -k reconfigure. > > > > > > Constantly reconfiguring Squid has a large number of side effects such > > > as the one you noticed. Avoiding that is a good idea. > > > > > > I recommend having a table in the database with the details about > > > whether a user is allowed (or not). The ext_sql_session_acl helper can > > > check that table to allow/deny users. > > > ?< > > http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html > > > > > > > > > > > > > HTH > > > Amos > > > > > > > > > ------------------------------ > > > > > > Subject: Digest Footer > > > > > > _______________________________________________ > > > squid-users mailing list > > > squid-users@lists.squid-cache.org > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > ------------------------------ > > > > > > End of squid-users Digest, Vol 103, Issue 21 > > > ******************************************** > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > > > http://lists.squid-cache.org/pipermail/squid-users/attachments/20230327/48f4c47d/attachment-0001.htm > > > > > > > ------------------------------ > > > > Subject: Digest Footer > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > ------------------------------ > > > > End of squid-users Digest, Vol 103, Issue 22 > > ******************************************** > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.squid-cache.org/pipermail/squid-users/attachments/20230328/fd60a036/attachment-0001.htm > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > End of squid-users Digest, Vol 103, Issue 23 > ******************************************** >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
