I want to use a PHP script to allow or deny Squid proxy request ina pfsense installation, so I'm using this configuration for external ACL:
external_acl_type mysqlAuth %SRC /usr/local/bin/php -f /var/scripts/mysqlacl.php
acl extGrant external mysqlAuth
http_access allow extGrant
My Mysql script looks like this:
<?php
file_put_contents("/var/scripts/out.txt",date("Y/m/d H:i:s")."Started\r\n",FILE_APPEND);
$STDIN=fopen("php://stdin", "r");
$STDOUT=fopen("php://stdout", "w"));
while (!feof($STDIN)) {
$line = trim(fgets($STDIN));
file_put_contents("/var/scripts/out.txt",date("Y/m/d H:i:s")." ".$line,FILE_APPEND);
fwrite($STDOUT, "OK\n");
//break;
}
?>
If I run this script from the command line everything works, for each input line I get a "OK" output line.
The problem is that when Squid runs I got this errors (log from system.log):
squid[43190]: Squid Parent: (squid-1) process 56700 started
(squid-1): The mysqlAuth helpers are crashing too rapidly, need help!
squid[43190]: Squid Parent: (squid-1) process 56700 exited with status
1squid[43190]: Squid Parent: (squid-1) process 56700 will not be
restarted due to repeated, frequent failures
And this is the cache.log:
kid1| ipcCreate: /usr/local/bin/php: (2) No such file or directory
But this file surely exists and to be sure that this is not due to a file access error, I tried to set a shell to "proxy" user, and login as proxy user (su proxy) and here from the shell call /usr/local/bin/php -f /var/scripts/mysqlacl.php and it works!
This is my php version:
PHP 5.5.22 (cgi-fcgi) (built: Feb 26 2015 18:00:22) Copyright (c)
1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015
Zend Technologies
with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH
What can it be?
Best Answer
This is my answer to use PHP scripts as squid external acl in pfsense: