squid 3.1.19 external_acl_type fail

Bug #1081952 reported by sense
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
squid3 (Ubuntu)
Invalid
Medium
Unassigned

Bug Description

System: ubuntu 12.04.1
Squid: 3.1.19-1ubuntu3.12.04.1 (apt-get install)

In squid.conf:
...
external_acl_type testcom_ip ttl=0 children=5 ipv4 %SRC php /php/squid_eacl/test_ip.php
acl testcom_ipacl external testcom_ip
http_access allow testcom_ipacl
http_access deny all
...

In the /php/squid_eacl/test_ip.php, I let it return OK everytime:
<?php
$time=null;
$output=null;
while ($i = fopen('php://stdin', 'r')) {
 $ii = fgets($i);
 $s = trim($ii);
 fclose($i);
 if ($s == NULL) {
  if ($time == time()) {
   break;
  } else {
   $time = time();
   continue;
  }
 }
 $o = fopen('php://stdout', 'w');
 #fwrite($o,"OK user=test\n");
 fwrite($o,"OK\n");
 fclose($o);
}
?>

Client use the Squid server as proxy and will get "Access Deny" many time. It seems squid will miss the external_acl_type acl ( "http_access allow testcom_ipacl") of config.conf in sometime.

Tags: precise
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

What is your "testcom" ACL? Are you aware that http_access ANDs its arguments, and so will never evaluate the second argument if the first argument fails?

Since this appears to be expected behaviour to me, this looks like a local configuration problem, rather than a bug in Ubuntu. So I'm marking this bug as Invalid.

You can find pointers to get help for this sort of problem here: http://www.ubuntu.com/support/community

If you believe that this is really a bug, please explain, and then change the bug status back to New.

Changed in squid3 (Ubuntu):
status: New → Incomplete
status: Incomplete → Invalid
sense (opaperjam)
description: updated
Revision history for this message
sense (opaperjam) wrote :

Sorry, I pasted a wrong config.conf, but the bug does existed. And now I was corrected it:

"http_access allow testcom testcom_ipacl"
to
"http_access allow testcom_ipacl"

I do a lot of test. It realy seems Squid 3.1.19-1ubuntu3.12.04.1 has the external_acl_type problem (squid will miss external_acl_type some time). And I complie install Squid 3.2.3 in ubuntu 12.04, it runs no problem with the some config file. Please test it again. Thanks!

Robie Basak (racb)
Changed in squid3 (Ubuntu):
status: Invalid → New
importance: Undecided → Medium
Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Thank you for reporting this bug to Ubuntu. There is a new 3.1.19-1ubuntu3.12.04.3 release available, I will be setting this bug as Invalid until it is tested with the new release.

Changed in squid3 (Ubuntu):
status: New → Invalid
tags: added: precise
Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Apologies, the right status was Incomplete.

Changed in squid3 (Ubuntu):
status: Invalid → Incomplete
Revision history for this message
Amos Jeffries (yadi) wrote :

I think this bug is not valid.

The config does not meet the documented requirement that the script interpreter be a *full path* to the sript interpreter, or helper binary. "php" is not the full path to the PHP executable.

The helper is also closing its stdin communication socket to Squid before sending any response back. When Squid receives that termination signal, the helper state will be shutdown and ERR used in place of any pending lookups.

Changed in squid3 (Ubuntu):
status: Incomplete → Invalid
sense (opaperjam)
description: updated
Revision history for this message
sense (opaperjam) wrote :

I change my squid.conf but forget to change my description, sorry.

There is no ACL name testcom. Now I change the description about
"http_access allow testcom testcom_ipacl"
to
"http_access allow testcom_ipacl"

My ubuntu is upgrade to 14.04 now , and it's squid3 runs with no problem . Thank you again.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.