[squid-users] Need help to build my own external help

From: Mohamed Amine Kadimi <amine.kadimi_at_gmail.com>
Date: Tue, 10 Apr 2012 15:27:44 +0000

Hello,

I'm trying to make an external helper which will be called by an acl,
so I have created one which is very simple: it takes an IP in stdin
and returns OK if it matches a predefined IP.

It works when I test it from the CLI, however when I put the relevant
directives in the squid.conf file and restart squid the connection to
the internet is no longer possible.

The message displayed by FF is: "Firefox is configured to use a proxy
server that is refusing connections".

Here's my squid.conf:

####################
external_acl_type src_ip_ext ttl=1 concurrency=0 %SRC /root/C/srcIP

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl src_ip external src_ip_ext

http_access allow manager localhost
http_access deny manager
#http_access allow localnet
http_access allow src_ip
http_access deny all

http_port 3128
####################

And the source code of the helper:

/* #################### */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT 256

int main()
{
    char request [MAX_INPUT]; /* this is a holder for the stdin request */

    /* below file is just to track execution of the script */
    FILE *fp;
    fp = fopen("file.txt","a");
    fprintf(fp,"%s\n","This is an execution"); /*append some text*/
    fclose(fp);

    while (fgets(request, MAX_INPUT, stdin) != NULL){

        const char *index;
        index = strtok(request, " \n"); /* this is to get rid of \n */
        if (strcmp (index,"172.30.30.1") == 0) {
            printf("OK\n");
        }
        else printf("ERR\n");
    }

    return 0;
}
/* #################### */

This is just a proof of concept not the final helper I intend to make
(I know source IP can be controlled directly via ACLs).

What am I doing wrong?
Received on Tue Apr 10 2012 - 15:27:51 MDT
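
Added example, not part of the original post and not Squid's own code: a hardened variant of the helper above. It flushes stdout after every reply (stdio block-buffers stdout when it is a pipe, so the reply would otherwise not reach Squid), answers ERR for an empty line instead of passing NULL to strcmp(), and keeps running when fopen() fails. The trace path /tmp/srcIP-trace.log and the function names verdict() and trace() are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 256
#define ALLOWED_IP "172.30.30.1"          /* same literal as in the post */
#define TRACE_FILE "/tmp/srcIP-trace.log" /* assumed path, writable by the Squid user */

/* Decide the reply for one request line; the line is modified in place. */
const char *verdict(char *line)
{
    /* strtok() returns NULL for an empty or whitespace-only line. */
    const char *ip = strtok(line, " \t\r\n");
    if (ip == NULL)
        return "ERR";
    return strcmp(ip, ALLOWED_IP) == 0 ? "OK" : "ERR";
}

/* Optional execution trace; a failed fopen() must not crash the helper. */
int trace(const char *path, const char *msg)
{
    FILE *fp = fopen(path, "a");
    if (fp == NULL)
        return -1;
    fprintf(fp, "%s\n", msg);
    fclose(fp);
    return 0;
}

int main(void)
{
    char request[MAX_INPUT];

    trace(TRACE_FILE, "helper started");

    while (fgets(request, sizeof request, stdin) != NULL) {
        puts(verdict(request));
        /* stdout is a pipe to Squid here, so stdio would hold the reply
         * in its buffer; flush to deliver one reply per request. */
        fflush(stdout);
    }
    return 0;
}
```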