I just realized that "Cookie" headers are also not obeyed when going through peers. Everything works going direct, but nothing works if you are using any peers. I surely cannot be the only person out of all squid users that is bitten by this anomaly. Jenny > From: bodycare_5@xxxxxxxx > To: squid3@xxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx > Date: Thu, 28 Apr 2011 19:25:27 +0000 > Subject: RE: Why doesn't REQUEST_HEADER_ACCESS work properly with aclnames? > > > > > It seems to me that ACL SRC is NEVER checked when going to a Peer. > > > > > > WHAT I WANT TO DO: > > > acl OFFICE src 1.1.1.1 > > > request_header_access User-Agent allow OFFICE > > > request_header_access User-Agent deny all > > > request-header_replace User-Agent BOGUS AGENT > > > > > > > > > [OFFICE UA should not be modified whehter going direct or through a peer] > > > > > > Thanks, > > > > > > Jenny > > > > > > PS: Running 3.2.0.7 on production and works good and reliably. The UA issue above is present on both 3.2.0.1 and 3.2.0.7. > > > > > > Okay, this is going to need a cache.log trace for "debug_options 28,9" > > to see what is being tested where. > > > No difference whatever is done. PEER1, !PEER1, !PEER2... No peer... Seperate lines... > > SRC IP is never available, so it always fails. PEER is available though, I can make it work with using just PEER1. Going direct works also as expected. > > Thanks. > > Jenny > > > kid1| ACLChecklist::preCheck: 0x7ffff504abc0 checking 'request_header_access User-Agent allow OFFICE_IP !PEER1' > kid1| ACLList::matches: checking OFFICE_IP > kid1| ACL::checklistMatches: checking 'OFFICE_IP' > kid1| aclIpAddrNetworkCompare: compare: [::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00] ([::]) vs 2.2.2.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00] > kid1| aclIpMatchIp: '[::]' NOT found > kid1| ACL::ChecklistMatches: result for 'OFFICE_IP' is 0 > kid1| ACLList::matches: result is false > kid1| aclmatchAclList: 0x7ffff504abc0 returning false (AND list entry failed to match)
