npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

squid3_sentry

v1.1.26

Published

squid3 redirect_program

Downloads

43

Readme

squid3_sentry

a redirect_program for squid3 (like squidGuard, but more flexible)

Highlights

  • Pure Javascript
  • Easily extendable
  • Rich set of predefined rule templates
  • LDAP compatible
  • Dynamic rule injection (no reload necessary)

Dependencies

  • Node.js
  • Squid3
  • Optional: LDAP Server (squid with user auth. e.g. ntlm)
  • Optional: Redis Server (dynamic rules and large domains lists e.g. shallalist)

Install sentry

Install Sentry globally:

npm install squid3_sentry -g

Or install it locally:

npm install squid3_sentry

Configuration (sentry)

via params

For a list of all params run

$ sentry --help

via config file

Config files need to be written in json (See examples folder)

Params:

  • name: The name of your instance. This is optional if you just have one squid instance!
  • redirect: The url to redirect the user if something is blocked
  • mode: Global mode for redirect or rewrite. See mode in rules definition.
  • log: Path to the log file. Bunyan is used as a logger.
  • log_level: Use error, warn or info. Default is error.
  • cache_time: Cache time in milliseconds. Cache will be cleated after that time (e.g. 300000 for 5 mins)
  • timeout: The timeout per request in milliseconds.
  • range: This will used for the balancer only (See Balancer)
  • ldap url: The url to your ldap server (e.g. ldap://domain.local)
  • ldap dn: The path to the user which will query your ldap directory (e.g. CN=MyUser,CN=Users,DC=domain,DC=local)
  • ldap password: The password for that user
  • ldap base: The base path for all searches
  • redis host: url or domain of your redis host (e.g. localhost)
  • redis port: The port of your redis server
  • redis password: If you use redis authentication.
  • rule_sources: Array of sources. Currently only 'config' and 'redis' is available. The rules are positioned depending on the source position in the array
  • rules: Array of rule definitions. (only via config file)

for debugging:

  • measure_times: The amount of time for every request will be messured. The times are visible in the debugger (See Live Debugging)
  • dry_run: Runs sentry in test mode. Every request is allowed, but sentry still checks it's rules! (See Live Debugging)

Configuration (squid3)

Add the following to your squid.conf

redirect_program sentry your/config/file.json
redirect_children 1
redirect_concurrency 100

Rules

The first rule that matches (e.g. all given criteria matches) will be executed (Deny or Allow).

The following rule will deny all requests and squid will redirect all http connections to the globally defined redirect address:

{
  name: 'rule1',
  allowed: false
}

To define a custom redirect address:

{
  name: 'rule1',
  allowed: false,
  redirect: 'my.custom.redirec.com'
}

The following configuration options are available:

  • name: Name of the rule (For debugging/verbode mode only). Default: rule
  • allowed: Deny or allow the url (e.g. black- or whitelist). Default: false
  • mode: Instead of redirecting a browser to another url (302 HTTP header) you could set it to rewrite to tell squid to load another page instead of redirecting the browser
  • redirect: The redirect or rewrite url

Redirect config

You could use the following placeholders:

  • [url]: Current url
  • [domain]: Current Domain
  • [name]: Matching rule name
  • [ip]: IP of the incomming connection
  • [username]: Username of the incomming connection (if squid uses authentication)
  • [method]: HTTP method. e.g. GET, POST,..

Default criteria

You could configure your rules with any of the following criteria:

  • categories: Array of category names. A category is a list of domains and/or urls stored in redis. (See shallalist import)
  • category_files: Same as categories, but expects a file paths with domains and/or urls. These files will be stored in redis and watched for changes
  • file_types: Array of filet ypes (e.g. ['swf', 'flv'])
  • ips: Array of ips (e.g. ['10.20.30.0/24', '10.55.11.33'])
  • matches: Array of wildcard matches (e.g. ['*goog*'])
  • groups: Array of LDAP groups. The full LDAP path is expected (e.g. ['CN=MyGroup,CN=Users,DC=domain,DC=local'])
  • users: Array of usernames
  • ous: Array of LDAP OUs. The full LDAP path is expected (e.g. ['OU=Development,DC=domain,DC=local'])
  • times: Array of objects in the following format: {from: '08:00', to:'17:00', week_day: 1}. The following params are available
  • from: From time (24h)
  • to: To time (24h)
  • week_day: JS Date week date
  • day
  • month
  • year

Custom rule definitions

To extend sentry and add custom rules take a look at lib/rules/

Example rule which will deny every second request

Squid.start(config);
Squid.core.addRuleDefinition({
  name: 'my_rule_def',

  //will be called once for every rule - in the context of the rule.
  config: function(options){
    //This rule definition is active (filter will be called!)
    this.types.push('my_rule_def');
    this.allow_next = true;
  },

  //will be called for every request for every rule where my_rule_def is active
  filter: function(options, callback){
    //Return true if the rule definition matches.
    callback(null, this.allow_next);
    //Alternate every request
    this.allow_next = !this.allow_next;
  }
});

//Add a rule if there isn't any defined
Squid.core.addRule({
  allowed: false
});

Shallalist import

Use the import script to import shallalist into redis

$ import path/to/shallalist

Live Debugging

Use the debugger script for life debugging

$ debugger config.json

Balancer

Use the balancer script for round robin style balancing. The following command will start a balancer with 3 sentry processes:

$ balancer config.json config.json config.json

You can also use the balancer script to create a separate context for different subnets. E.g. 10.20.30.0/24 should have a different set of rules than 192.168.0.0/24. Create a config file for every subnet and put the subnet definition into the range config option and start the blancer with the following command:

$ balancer subnet1.json subnet2.json