squid_geoip
squid_geoip, an external helper program for Squid.
Its purpose is to define a new ACL type based on the country of the client making the request, or the country of the requested object.
To define the ACL, one would use Squid's external_acl_type configuration directive.
If the object's country matches any of the countries specified as parameters to the program, the ACL evaluates to true. If there is no match, or the country could not be determined, the ACL evaluates to false.
In order to find out the country the host belongs to, this program uses the
GeoIP database and library, both of which are freely available at
http://www.maxmind.com/.
You must install the library before attempting to build this program.
The syntax for the program is as follows:
<![CDATA[squid_geoip [ -d geoip_database] country_code [...]]]>
You may optionally specify the location of your geoip database, as well as any number of country codes to match against.
Example on how to configure squid to use a parent proxy for websites in Taiwan:
<![CDATA[
...
# define external ACL type based on destination object's country
external_acl_type GeoIP_tw children=1 concurrency=0 %DST /usr/libexec/squid/squid_geoip.pl tw
# define the ACL using previous ACL type
acl AclGeoIP_tw external GeoIP_tw
# this is to have the ACL in a slow category access
# see http://wiki.squid-cache.org/SquidFaq/SquidAcl#Fast_and_Slow_ACLs
http_access allow AclGeoIP_tw
# define cache peer using previous ACL
cache_peer x.x.x.x parent 8080 0 name=proxy_for_taiwan
cache_peer_access proxy_for_taiwan allow AclGeoIP_tw
...
]]>
To compile this program, run:
<![CDATA[gcc -o squid_geoip squid_geoip.c -lGeoIP]]>
If GeoIP is installed in a non-standard location, you may need to specify them to gcc:
<![CDATA[gcc -o squid_geoip squid_geoip.c -lGeoIP -L/usr/local/lib -I/usr/local/include]]>
Feel free to email me regarding squid_geoip at this address: Alan Mizrahi <alan at mizrahi dot com dot ve>
Click here to download squid_geoip version 1.0.