On 29/12/2011 9:01 p.m., Ming Pun wrote:
I have the following acl in my squid.conf
external_acl_type acexternal children=50 ttl=60 negative_ttl=1 %>{X-MYAUTH} /usr/local/bin/acexternal localhost
acl iceauth external acexternal
http_access allow iceauth
http_access deny all
question on TTL expiration on the external_acl_type. When a external acl cached_result is expired due to TTL timeout, seems like squid will do a async call to the external acl program, acexternal in this case above, to validate the acl request.
if the async call acexternal does not return result before the "http_access deny all" is executed, will squid consider it is a 403 situation?
"deny all" will never get tested until after the async lookup has a
result back. http_access is one of the ("slow" type) access controls
which wait for async lookups.
Amos
