Re: Why doesn't REQUEST_HEADER_ACCESS work properly with aclnames?

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On Tue, 5 Apr 2011 18:26:45 +0000, Jenny Lee wrote:
> Hello Squid Folks,
>
> Here is an excerpt from squid.conf.documented:
>
> #  TAG: request_header_access
> #       Usage: request_header_access header_name allow|deny 
> [!]aclname ...
>
> This seems to work only as:
>
> request_header_access User-Agent deny all
>
> Why can't I do:
>
> request_header_access User-Agent deny all !OFFICE

That second means:
 request_header_access User-Agent deny !OFFICE
 request_header_access User-Agent allow all

aka
 request_header_access User-Agent allow OFFICE
 request_header_access User-Agent deny all

> or
>
> request_header_access User-Agent allow OFFICE1
> request_header_access User-Agent allow OFFICE2
> request_header_access User-Agent deny all
>
> It just does not allow OFFICE through without modification on
> (header_replace User-Agent).
>
> This is driving me crazy. I cannot modify user-agents of our 
> executives.

What is the definition of OFFICE ?
 request_header_access are fast ACL which will not wait for unavailable 
details to be fetched.

Amos