Differences

This shows you the differences between two versions of the page.

--- squid:acls:acl_example_usage [2020/04/07 10:39] – peter
+++ squid:acls:acl_example_usage [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
-----
-==== url_rewrite_program PATH ====
-  * With this option, specify a URL rewriter.
-  * Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd, .vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
-<code>
-    url_rewrite_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
-</code>
-<WRAP info>
-**NOTE:**  Do not place quotes around the path...this could break it.
-</WRAP>
-----
-==== auth_param basic program PATH ====
-  * If users must be authenticated on the proxy, set a corresponding program, such as /usr/sbin/pam_auth. When accessing pam_auth for the first time, the user sees a login window in which they need to specify a user name and a password. In addition, you need an ACL, so only clients with a valid login can use the Internet:
-  <code>
-    acl password proxy_auth REQUIRED
-    http_access allow password
-    http_access deny all
-</code>
-  * In the acl proxy_auth option, using REQUIRED means that all valid user names are accepted. REQUIRED can also be replaced with a list of permitted user names.
-==== ident_lookup_access allow ACL_NAME ====
-  * With this option, have an ident request run to find each user's identity for all clients defined by an ACL of the type src. Alternatively, use this for all clients, apply the predefined ACL all as the ACL_NAME.
-  * All clients covered by ident_lookup_access must run an ident daemon. On Linux, you can use pidentd (package pidentd ) as the ident daemon. For other operating systems, free software is usually available. To ensure that only clients with a successful ident lookup are permitted, define a corresponding ACL:
-  <code>
-    acl identhosts ident REQUIRED
-    http_access allow identhosts
-    http_access deny all
-</code>
-  *  In the acl identhosts ident option, using REQUIRED means that all valid user names are accepted. REQUIRED can also be replaced with a list of permitted user names.
-  *  Using ident can slow down access time, because ident lookups are repeated for each request.
-----
 ===== Allowed Subnets =====
@@ Line 348: / Line 302: @@
 </code>
+----
+===== url_rewrite_program PATH =====
+  * With this option, specify a URL rewriter.
+  * Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd, .vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:
+<code>
+    url_rewrite_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
+</code>
+The actual rewriter script that is called would be something like this:
+<code perl>
+#!/usr/bin/env perl
+$|=1;
+while (<>) {
+  $url = m/^([^ ]*)/;
+  if ($url !~ /^http:\/\/www\.hostname\.com/) {
+    $url =~ s@^http://www\.hostname\.com/(.*)@http://www.hostname.com/\1@;
+    print "301:$url\n";
+  } else {
+    print "$url\n";
+  }
+}
+</code>
+If it exists with abnormal program termination and this is in the cache.log:
+<code bash>
+/03/23 19:26:12| helperOpenServers: Starting 5 'c:\squid\php\redirect.pl' processes
+/03/23 19:26:12| ipcCreate: CHILD: c:\squid\php\redirect.pl: (8) Exec format error
+/03/23 19:26:12| ipcCreate: PARENT: OK read test failed
+/03/23 19:26:13| --> read returned 4
+</code>
+Then could be to not place quotes around the path...
 ----
+===== auth_param basic program PATH =====
+  * If users must be authenticated on the proxy, set a corresponding program, such as /usr/sbin/pam_auth. When accessing pam_auth for the first time, the user sees a login window in which they need to specify a user name and a password. In addition, you need an ACL, so only clients with a valid login can use the Internet:
+  <code>
+    acl password proxy_auth REQUIRED
+    http_access allow password
+    http_access deny all
+</code>
+  * In the acl proxy_auth option, using **REQUIRED** means that all valid user names are accepted.  REQUIRED can also be replaced with a list of permitted user names.
+----
+===== ident_lookup_access allow ACL_NAME =====
+  * With this option, have an ident request run to find each user's identity for all clients defined by an ACL of the type src. Alternatively, use this for all clients, apply the predefined ACL all as the ACL_NAME.
+  * All clients covered by ident_lookup_access must run an ident daemon. On Linux, you can use pidentd (package pidentd ) as the ident daemon. For other operating systems, free software is usually available. To ensure that only clients with a successful ident lookup are permitted, define a corresponding ACL:
+  <code>
+    acl identhosts ident REQUIRED
+    http_access allow identhosts
+    http_access deny all
+</code>
+  *  In the acl identhosts ident option, using REQUIRED means that all valid user names are accepted. REQUIRED can also be replaced with a list of permitted user names.
+  *  Using ident can slow down access time, because ident lookups are repeated for each request.
+----
 ===== References =====