# squid 3 and external scripts on Debian 6 squeeze



## jkallup (8 October 2012)

Hello,

I'm having problems getting squid3 to run.
My squid.conf looks like this:


```
cache_access_log /dev/null
cache_store_log none
cache_log /dev/null

external_acl_type VERIFIED ttl=60 %DST /etc/squid/block.sh
acl gesperrt external VERIFIED
http_access allow gesperrt

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
```


The output looks like this:


```
# /usr/local/squid/sbin/squid -f /etc/squid/squid.conf -N -d 1
2012/10/08 20:48:04| Starting Squid Cache version 3.2.2 for x86_64-unknown-linux-gnu...
2012/10/08 20:48:04| Process ID 18775
2012/10/08 20:48:04| Process Roles: master worker
2012/10/08 20:48:04| With 1024 file descriptors available
2012/10/08 20:48:04| Initializing IP Cache...
2012/10/08 20:48:04| DNS Socket created at [::], FD 5
2012/10/08 20:48:04| DNS Socket created at 0.0.0.0, FD 6
2012/10/08 20:48:04| Adding nameserver 192.168.178.1 from /etc/resolv.conf
2012/10/08 20:48:04| helperOpenServers: Starting 0/5 'ncsa_auth' processes
2012/10/08 20:48:04| helperOpenServers: No 'ncsa_auth' processes needed.
2012/10/08 20:48:04| helperOpenServers: Starting 5/5 'block.sh' processes
2012/10/08 20:48:04| Logfile: opening log /dev/null
2012/10/08 20:48:04| WARNING: log parameters now start with a module name. Use 'stdio:/dev/null'
2012/10/08 20:48:04| Store logging disabled
2012/10/08 20:48:04| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/10/08 20:48:04| Target number of buckets: 1008
2012/10/08 20:48:04| Using 8192 Store buckets
2012/10/08 20:48:04| Max Mem  size: 262144 KB
2012/10/08 20:48:04| Max Swap size: 0 KB
2012/10/08 20:48:04| Using Least Load store dir selection
2012/10/08 20:48:04| Current Directory is /home/jkallup/Downloads/squid-3.2.2
2012/10/08 20:48:04| Loaded Icons.
2012/10/08 20:48:04| HTCP Disabled.
2012/10/08 20:48:04| Squid plugin modules loaded: 0
2012/10/08 20:48:04| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=9
2012/10/08 20:48:04| WARNING: kallup_db #3 exited
2012/10/08 20:48:04| Too few kallup_db processes are running (need 1/5)
2012/10/08 20:48:04| Closing HTTP port [::]:3128
2012/10/08 20:48:04| storeDirWriteCleanLogs: Starting...
2012/10/08 20:48:04|   Finished.  Wrote 0 entries.
2012/10/08 20:48:04|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The kallup_db helpers are crashing too rapidly, need help!
```


What could be the cause?
Thanks for any explanation.


The block.sh script:

```
#!/bin/sh
echo "OK"
```


----------



## deepthroat (9 October 2012)

Hi.

In your auth helper you have to wait for input, then write output. Repeat.

In any case, your script must not simply exit.

See e.g. http://www.freesoftwaremagazine.com/articles/authentication_with_squid

Regards
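
The input/answer loop described in the reply above, as an added example that is not part of the original thread: a POSIX sh helper that stays running, reads one `%DST` value per line and answers `OK` or `ERR` for each. The blocklist path, the function names and the `serve` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: persistent helper for the page's line
#   external_acl_type VERIFIED ttl=60 %DST /etc/squid/block.sh
# Assumption: the blocklist is a text file with one host name per line.
BLOCKLIST="${BLOCKLIST:-/etc/squid/gesperrt.txt}"

# Answer one lookup: OK if the destination is listed, ERR otherwise.
check_dst() {
    dst=$1
    # Accept only host-name / IP characters; empty or odd input gets ERR.
    case $dst in
        ''|*[!A-Za-z0-9.:_-]*) echo ERR; return ;;
    esac
    # -F fixed string, -x whole line, -i ignore case, -q no output.
    # A missing or unreadable blocklist also ends in ERR.
    if grep -Fxiq -- "$dst" "$BLOCKLIST" 2>/dev/null; then
        echo OK
    else
        echo ERR
    fi
}

# squid starts the helper once and writes one request per line.
# Exactly one answer line goes back per request; the loop ends only
# on EOF, i.e. when squid closes the pipe.
serve() {
    while IFS= read -r line; do
        # With "%DST" as the only format code the first field is the host.
        check_dst "${line%% *}"
    done
}

# Assumption: the helper is configured as ".../block.sh serve".
if [ "${1:-}" = "serve" ]; then
    serve
fi
```

Because the file is read on every lookup, new entries are seen by the helper without restarting it; squid still caches each answer for the `ttl=60` seconds set in the configuration above.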


----------



## jkallup (9 October 2012)

Hello,

I have the following code. Squid starts, and http://www.facebook.com is in the database.
When I call the script from the console, it waits until I have entered something.
When I then enter http://www.facebook.com, OK is printed.
If I now start squid - it runs fine - and type the URL into Chrome, the link is opened anyway.
What could be the cause?


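```
#!/usr/bin/php
<?php
$db['server'] = 'localhost';
$db['db'] = 'squid';
$db['user'] = '';
$db['passwd'] = '';

// mysqli replaces the removed mysql_* functions; stop if the connection fails.
$connection = new mysqli($db["server"], $db["user"], $db["passwd"], $db["db"]);
if ($connection->connect_error) {
	fwrite(STDERR, "block helper: database connection failed\n");
	exit(1);
}

// Prepared statement: the destination sent by squid is bound as data
// and never concatenated into the SQL text.
$stmt = $connection->prepare("select site from gesperrt where site = ?");
if ($stmt === false) {
	fwrite(STDERR, "block helper: could not prepare query\n");
	exit(1);
}

// Loop to answer squid: one request line in, one OK/ERR line out.
while (($line = fgets(STDIN)) !== false)
{
	$fields  = explode(' ', trim($line));
	$website = $fields[0];

	$stmt->bind_param('s', $website);
	$stmt->execute();
	$stmt->store_result();

	// OK only for a non-empty destination that has a row in the table.
	if ($website !== '' && $stmt->num_rows > 0)
		fwrite(STDOUT, "OK\n");
	else
		fwrite(STDOUT, "ERR\n");
	$stmt->free_result();
}

?>
```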

OK, that has just been resolved!
I moved the http_access directive to the beginning of the options.
Now it works, and even faster than I expected.

Oh dear,

new problem:

When I browse to the link: test.com
the squid error message appears.

But when I browse to: http://www.test.com
the actual website appears.

What could that be?

So, done.

Apparently you have to restart squid after every entry.
I just don't understand what that has to do with MySQL?


----------

