Placing SQUID ACL's in MySQL DB - is it possible?

Question

The main question is whether it is possible to create squid acl to receive credentials from the mysql database? Description of the situation. Device PI - Raspberry PI Device B - Computer Server PI connects to the server, knowing its static IP, this opens the port while running a reverse shell, so pinging the server on a given IP address and port get access to PI. Device B wants to communicate with the PI, and does not know its IP so it tryies to ping the server from which receives information on which port is PI. This operation is performed on the squid server - for the user from the database (I did it from tutorials - squid auth over mysql DB) server gets the information if user can be logged on the proxy server. I wish I could also generate squid ACL on DB, so I would know on what ports to specific PI users can get.

So in the ACL would be placed information on which local port of server user can be authenticate (there will run a reverse shell so it automatically connect to PI)

Answer 1

Is possible using external_acl or rewrite_program. For programtion use C, Perl, PHP, ShellScript. You need only return ERR for negation or OK for allow the access. On external_acl you can pass to program any parrametres, url, port destination, port source, ip source, domain destionation, user.

basic example, allow access the "google"

#!/usr/bin/php -q
<?php
include "mysql.php";
include "funcoes.php";

$temp = array();
stream_set_timeout(STDIN, 86400);
if (!defined(STDIN)) {
define("STDIN", fopen("php://stdin", "r"));
}


while (!feof(STDIN)) {
$input = trim(fgets(STDIN));
$found = 0;
$login = 0;
$temp = split(' ', $input);
$output = $temp[0] . "\n";
$url_output = $output;
$url_output_debug = $temp[0];

$pos = strpos($url_output, 'google');
if ($pos !== false) {
    $output = "OK \n";
    $found = 1;
} else {
    $output = "ERR \n";
}

fwrite(STDOUT, $output);
}
?>