Scaffold of an Squid external ACL helper (event-driven and multi-threaded)
MIT License
Multi-threaded external ACL helper for Squid to dynamically deny/allow internet access for clients. Comes with three pluggable lookup backends including Memcached, LDAP and flat text files. Supports IPv6.
As Squid simply communicates with external helpers via stdin/stdout, we can easily test the helper by running it interactively:
webcontrol_helper -p "txtfile" -c example.conf -t 4
Whereas -p takes a comma-separated list of plugins, -c the config file name and -t specifies the number of threads to start.
Newer versions of Squid (3.x, 2.7?) support helpers performing multiple lookups simultaneously. This is achieved by prepending a channel number to every lookup request made. To perform a lookup, simply type an arbitrary channel number followed by the client's IP address (both IPv4 and IPv6 are supported):
> 1 192.168.1.41
The helper should reply immeditately:
1 OK
Modify your proxy's configuration file (which lives in /etc/squid3/squid.conf on Debian/Ubuntu machines):
external_acl_type webcontrol children=1 concurrency=500 %SRC /full/path/to/helper
acl allowedmachines external webcontrol
http_access allow allowedmachines