On 26/04/11 05:27, Jenny Lee wrote:
<snip>
HALF-BAKED: acl OFFICE src 1.1.1.1 request_header_access User-Agent allow OFFICE request_header_access User-Agent deny all request-header_replace User-Agent BOGUS AGENT [DIRECT works as expected for OFFICE -- no modifications. However, UA for OFFICE is replaced as soon as the connection is forwarded to a peer] HALF-BAKED: acl OFFICE src 1.1.1.1 cache_peer 2.2.2.2 parent 22222 0 proxy-only no-query name=PEER2 acl PEER2 peername PEER2 request_header_access User-Agent allow PEER2 OFFICE request_header_access User-Agent deny PEER2 !OFFICE request_header_access User-Agent deny all request-header_replace User-Agent BOGUS AGENT [all and every combination of ALLOW/DENY/PEER2/OFFICE... does not work] WORKS WHEN GOING THROUGH A PEER: request_header_access User-Agent allow PEER2 request_header_access User-Agent deny all request-header_replace User-Agent BOGUS AGENT It seems to me that ACL SRC is NEVER checked when going to a Peer. WHAT I WANT TO DO: acl OFFICE src 1.1.1.1 request_header_access User-Agent allow OFFICE request_header_access User-Agent deny all request-header_replace User-Agent BOGUS AGENT [OFFICE UA should not be modified whehter going direct or through a peer] Thanks, Jenny PS: Running 3.2.0.7 on production and works good and reliably. The UA issue above is present on both 3.2.0.1 and 3.2.0.7.
Okay, this is going to need a cache.log trace for "debug_options 28,9" to see what is being tested where.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
