On Tue, 2008-01-22 at 09:50 +0100, Bourdaraud Vincent (NSN - FR/St-Ouen) wrote: > Yes, this hack is working. Glad to hear that. > By the way, logging ICAP response headers would be far cleaner, yes, > since hacks tend to stop working with new versions ;) Our server is able > to add information within ICAP header (it is its default behavior). > > Do you think it would be difficult to add this feature to squid? A clean implementation should add an "<icapFirst", "<icapLast", or "<icapAll" format specification to the logformat option, similar to the existing "<h" specification. While Squid3 currently supports only one ICAP service invocation per HTTP message, that is likely to change and so there could be multiple ICAP responses to get the header from. A capable developer should be able to add support for one of those options in under 8 hours. You can find capable Squid developers at http://www.squid-cache.org/Support/services.dyn but keep in mind that the list has not been managed yet and has many irrelevant entries. HTH, Alex. > On Mon, 2008-01-21 at 10:35 -0700, ext Alex Rousskov wrote: > > On Thu, 2008-01-17 at 17:01 +0100, Bourdaraud Vincent (NSN - FR/St-Ouen) > > wrote: > > > > > I'm new to squid. It looks overall pretty good, by I found a show > > > stopper for our project :( > > > > > > We use squid 3.0 STABLE1 compiled with --enable-icap-client and > > > configured to delegate all HTTP request to our ICAP server. We need > > > squid to add some information processed by our ICAP server within its > > > HTTP transaction logs (basically, this information is a user unique ID). > > > This information is very sensitive and must not be forwarded to > > > origin-servers. > > > > > > I've read FAQ, docs and played with squid and found no solution since > > > squid is not able to ICAP header and not able to log HTTP headers before > > > they are removed with header_access rules > > > > > > Do you guys have some idea? > > > > One hack you could try is to add "Connection: X-FOO" HTTP header in hope > > that Squid will log and then remove it before forwarding. I have not > > tried that and do not know whether hop-by-hop headers are removed late > > enough for this ugly hack to work. > > > > If logging and then removing HTTP headers is not possible, then I think > > we should add a feature to log ICAP response headers. Can your server > > return the needed information in the ICAP response header instead of the > > HTTP message header? > > > > Thank you, > > > > Alex. > > > >
