> You are much better off doing this with Apache's rewrite, if that happens to > be your http server. Sadly Squid is pretty awkward for rewriting purposes. But there are two rewritings needed at this time. Basic rewritings (URLs translation from old to new style by example). And more complex ones, which decisions must be as follow: 1. Is the referrer external. 2. If it is external, is the object blacklisted in our database (potentialy hundreds of thousands after a while). 3. If blacklisted, rewrite URL to fetch "do not abuse" object (several objects possible). So it needs an external program. And if I rewrite (or not) an URL in the webserver, will squid have the 2 objects (legit or abuser) cached separately...? GET /path/image.gif with referrer=oursite => /path/image.gif GET /path/image.gif with referrer=external but not blacklisted => /path/image.gif GET /path/image.gif with referrer=external and blacklisted => /path2/abuser.gif > > Or, could I use a dirty trick like 'user=NEWURL' set by external_acl helper > > program and then get it from url_rewrite input parameters...? > > So far we don't need authentification, but can the variable handle an URL... I tried using the user variable as a message between the external_acl (that can look at the referrer) and the url_rewrite programs and it seems to work fine. And I don't need to pass an URL; I just need to pass something like an "legit" or "abuser" message. 1. external_acl program looks at referrer and returns user=legit or user=abuser 2. url_rewrite program do its basic rewritings and, if user=abuser, also check if object is blacklisted... Without any authentication needs, do you forsee any problem with this trick? Thx, JD