Thanks - that is what I have feared... I have tried with a header set via icap, and I can confirm it is possible to filter on the response this way - finally I can move forward! As you have mentioned, adding the acls based on unmodified requests would be helpful... As for notes/annotations - the man pages do not mention any of this at least in "acl" (http://www.squid-cache.org/Doc/config/acl/). Also there would be the need to allow to set/modify those notes from the config (similar to request_header_access/rewrite) Thanks, Martin -----Original Message----- From: Alex Rousskov [mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Freitag, 01. März 2013 00:37 To: Martin Sperl Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: ICAP and "selecting" corresponding adaption_access for response via ACL based on the original destination domain On 02/28/2013 08:32 AM, Martin Sperl wrote: > Is there another acltype besides "dstdomain" to match on the > unmodified dstdomain instead of the icap-request modified dstdomain? AFAIK, no. > As a workaround: do I need to set an additional header (via > header_access/header_replace or similar) and trigger on this acl > (acl ... req_header <headername>) instead of modify_response_a? Your ICAP service can add that HTTP request header while rewriting the request. You may even be able to then filter it out on the way from Squid using request_header_access, but whether that will delete it from the request that Squid remembers needs to be checked/tested. > Other ideas? What you may want is annotations that can be set by the ICAP service in ICAP response headers, without modifying the HTTP request header. Those annotations can then be matched using a "note" ACL. eCAP can do something like that already, but I think that Squid ICAP code lacks the necessary glue. Eventually, somebody will probably add it. If you use external helpers for something, they can add annotations as well (v3.3?). Similarly, the "note" option can be enhanced to work before logging. This way, the annotations can be added in squid.conf directly. Or one could add an "such and such adaptation service was used" ACL. It would be handy in several use cases. There are probably other options as well. HTH, Alex. This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
