Univention Bugzilla – Bug 42544
Additional Squid acl types
Last modified: 2021-04-28 10:09:46 CEST
Created attachment 8057 [details] squid diff While migrating from file based acl's to ucr variable based ones I noticed that at least three acl types are missing. urlpath_regex rep_mime_type proxy_auth_regex I extended /etc/univention/templates/files/etc/squid3/squid.conf accordingly, so that I can set these acl types as ucr variables. See the attached diff. Can you include this patch to the repository?
Created attachment 8059 [details] diff_2
I also added the dst acl type, see the second diff (includes the previous diff which can be ignored). There is no error handling for correct CIDR notation yet. Additionally it would be nice if you could sort the parsed acl names in the squid.conf by name and human readable numbers. Following extract should clarify my request. acl useracl_dstdomain_i_4 dstdom_regex -i xxx acl useracl_urlpath_i_15 urlpath_regex -i xxx acl useracl_dstdomain_i_8 dstdom_regex -i xxx acl useracl_urlpath_i_7 urlpath_regex -i xxx acl useracl_urlpath_i_33 urlpath_regex -i xxx acl useracl_urlpath_i_10 urlpath_regex -i xxx acl useracl_urlpath_i_25 urlpath_regex -i xxx acl useracl_dstdomain_i_5 dstdom_regex -i xxx acl useracl_urlpath_i_28 urlpath_regex -i xxx acl useracl_urlpath_i_13 urlpath_regex -i xxx acl useracl_dstdomain_i_1 dstdom_regex -i xxx
We should really expand the accepted ACL elements. In a customer scenario we need 'src' and 'arp' to whitelist certain clients.
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Another customer needs this, too. The "src" acl type is especially handy to exclude certain clients or networks from authentication (think unjoined or administrative clients). Workaround: write custom ACLs und rules to /etc/squid3/local_rules.conf
https://github.com/univention/univention-corporate-server/pull/8
@Ingo: The author of the Pull Request asked "when will this be merged?"
(In reply to Florian Best from comment #7) > @Ingo: > The author of the Pull Request asked "when will this be merged?" It is in the Product Backlog. I expect that we will review the patch in August, but can't guarantee.
The bug is 4 years old by now and already contained an initial diff. There still is this open PR for 2 years by now.