[squid-users] Re: Mail

From: Jan Humme <jan.humme@dont-contact.us>
Date: Mon, 22 Jul 2002 14:41:21 +0200

Ryan,

Please post to the squid mailing list, i.o. directly to me, so other squid
mailing-list participants can try and help you, and others now and in the
future may be helped by your questions and following answers.

Since I am not too familiar with Pearl, who can check Ryan's script and tell
him why he gets 2 login-screens?

And what about his problem "too few directors" ?

Jan Humme.

On Monday 22 July 2002 02:48, Ryan Hairyes wrote:
> Hi Jan,
>
> Thanks for your reply. I was wondering if you had a moment to look at this
> script I wrote. I usually do everything in C, however, because I needed to
> get something usable quick, I decided to use perl. I know perl decently.
>
> I needed my "redirector" to be able to readin the request of the user and
> then check a postgresql database to see if they are logged in (checking the
> incoming ip against the ip in the database). If that IP is not registered
> in the database then redirect them to a login site (that I created) where
> they can auth. themselves. If their IP is present, then redirect them to
> the site of their request. Also, the ip/url would be checked against
> squidGuard to make sure that there was no inappropriate material (ie,
> drugs, porn, etc..).
>
> So this is what I came up with:
>
> #!/usr/bin/perl
> use IPC::Open2;
> use Pg;
>
> $sg= "/usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf";
> open2(*FROM_SG,*TO_SG, $sg) or die "$!";
>
> $| = 1;
> while(<>) {
> @info= split(/ /,$_);
> $url= $info[0];
> $addr= $info[1];
> $addr=~ s/\/-//;
> $conn= Pg::setdbLogin("localhost", "" , "" , "" , "WebFil", 'apache',
> "password"); $result = $conn->exec("select * from ip_tbl where
> clientip='$addr'"); $dbip = $result->getvalue(0,1);
> if($dbip ne $addr) {
> goto LOGIN;
> }
> print TO_SG "$_";
> $sgurl = <FROM_SG>;
> print $sgurl;
>
>
> unlink($conn)
> }
> LOGIN:
> print "http://<site name>/cgi-bin/login.pl\r\n\r\nLocation:
> http://<site_name>/cgi-bin/login.pl";
>
> : I have 2 problems now
>
> (1). I get a double login screen. What I mean is when it redirects the
> user tothe requested login screen and they try to login, it sends them to
> the login screen again one more time. Then when they login again it will
> allow them to go through.
>
> I suspect it has something to do with this line here ... but Im not exactly
> surewhat I should be doing here:
>
> print "http://<site name>/cgi-bin/login.pl\r\n\r\nLocation:
> http://<site_name>/cgi-bin/login.pl";
>
> and the reason I did it this way is because I noticed that it with just the
> first part (print "http://<site name>/cgi-bin/login.pl\r\n") that it would
> redirect the site to my requested page ... but when the user tried to login
> it would try to push their information to their requested site .... not
> mine.
>
> IE --> The user reqests the site www.yahoo.com. Well their IP is not in
> the database so it redirects them to a site of my choice where they are to
> login in.Im calling that www.login-screen.com/login.pl. So the redirector
> sends them to the redirector screen (www.login-screen.com/login.pl) but in
> the location bar of the browser it still says www.yahoo.com. So if they
> press the submit button it tries to send their login info to
> www.yahoo.com/login.pl which obviously does not exist.
>
> So I added in the next part ... Location:
> http://<site_name>/cgi-bin/login.pl to see if that would help any.
> However, now it just makes the user fill out the login screen twice. Very
> annoying.
>
> (2) My next problem has to do with people connecting. When more than 2
> users connect via squid I receive the "too few redirectors" and performance
> is really bad. I have the redirector children set to 5 ... and I tried
> moving it up. However, when I move it up too high the warnings go away but
> the performance is still crappy due to it using up too much memory. My
> redirector is only 667 bytes. I think it my problem here may have
> something to do with the info being passed in and out to squid. But Im not
> sure.
> Here is some background on this machine and my addition creation:
>
> The machine is a Sun Netra T1 with 512MB RAM and a 2 20GB HD's running
> Solaris 8 (02/02).
>
> I work for a school system so I have to be able to filter the user content
> (squidGuard) and they must login which is what I have done.
>
> I basically used perl for everything I have done. I used postgresql 7.2.1
> for my database. I created an administration screen (where admins can add
> other accounts .. disable accounts ... edit content lists, view usage
> logs...etc.. accesse by apache on port 80).
> After the user logs in, they are allowed to surf for a certain amount of
> time (set by an admin in the user database) and then after that time is up
> the ip will expire. The above program will see this and make them go to
> the login screen to re-auth themselves. If they try to "hit" a site that
> is not allowed then their username and ip is logged as well as the site
> they tried to receive and the time they tried it.
>
> Everything works great except for the 2 problems above.
>
>
> Also, anything you could give me as far as how to make squid function
> faster (ie if you think I should do http_accel stuff or disable cash or set
> it to a certain size) then I would greatly appreciate it.
>
>
> Any help or examples you could give me would be greatly appreciated.
>
> Thanks for your time and sorry for such a long e-mail.
>
> : I missed your initial request, but with browser-redirect you can use any
> : language that you are familiar with, as long as your read from stdin and
> : write to stdout. It doesn't need to be perl.
> :
> : Hope this helps.
> :
> : Jan Humme.
Received on Mon Jul 22 2002 - 06:40:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:19 MST