I want to use a PHP script to allow or deny Squid proxy request ina pfsense installation, so I'm using this configuration for external ACL:
external_acl_type mysqlAuth %SRC /usr/local/bin/php -f /var/scripts/mysqlacl.php acl extGrant external mysqlAuth http_access allow extGrant My Mysql script looks like this:
<?php file_put_contents("/var/scripts/out.txt",date("Y/m/d H:i:s")."Started\r\n",FILE_APPEND); $STDIN=fopen("php://stdin", "r"); $STDOUT=fopen("php://stdout", "w")); while (!feof($STDIN)) { $line = trim(fgets($STDIN)); file_put_contents("/var/scripts/out.txt",date("Y/m/d H:i:s")." ".$line,FILE_APPEND); fwrite($STDOUT, "OK\n"); //break; } ?> If I run this script from the command line everything works, for each input line I get a "OK" output line.
The problem is that when Squid runs I got this errors (log from system.log):
squid[43190]: Squid Parent: (squid-1) process 56700 started
(squid-1): The mysqlAuth helpers are crashing too rapidly, need help!
squid[43190]: Squid Parent: (squid-1) process 56700 exited with status 1
squid[43190]: Squid Parent: (squid-1) process 56700 will not be restarted due to repeated, frequent failures
And this is the cache.log:
kid1| ipcCreate: /usr/local/bin/php: (2) No such file or directory
But this file surely exists and to be sure that this is not due to a file access error, I tried to set a shell to "proxy" user, and login as proxy user (su proxy) and here from the shell call /usr/local/bin/php -f /var/scripts/mysqlacl.php and it works!
This is my php version:
PHP 5.5.22 (cgi-fcgi) (built: Feb 26 2015 18:00:22) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH
What can it be?
