Search squid archive

Re: Confusing external acl, reply_body_max_size and EXT_LOG combo issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks alot, this work around does indeed work, once the ACL itself
was modified to not alter the EXT_LOG the second time around, if i'm
understanding correctly when an acl result is cached the ext_log it
was passed is also cached essentially as part of the key used to
lookup the result in the cache, why is this done that way and is there
a way to disable this feature?, if its not key to squid functionality
in a way i'm missing.
Cameron Charles


Level 1, 61 Davey St, Hobart, TAS, 7000.
Phone: (03) 6165 1554
Fax: (03) 6165 1550
www.getbusi.com


On 15 July 2014 17:40, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 15/07/2014 7:04 p.m., Cameron Charles wrote:
>> Hi,
>>
>> Im having some confusing trouble with an external acl based
>> reply_body_max_size setup, but only when the ext_log is brought into
>> things.
>>
>> I have an external acl setup as such:
>>
>>> external_acl_type response_size_type ttl=300 children-startup=2 children-idle=1 children-max=10 %URI %EXT_LOG %TAG python max_file_size_ext_acl.py
>>
>>
>> which is used to check against some external data to cache the
>> response for the reply_body_max_size directive to use, an example of
>> which is this:
>>
>>> acl response_size_31 external response_size_type 31 10.0.1.26
>>> http_access allow response_size_31
>>> reply_body_max_size 31 MB response_size_31
>>
>>
>> now this works perfectly fine, no issues what so ever, until the
>> external acl alters the EXT_LOG (and passes it back), pretty much any
>> alteration to the ext_log data causes squid to basically ignore the
>> answer it gets back from the external acl and continue on.
>> The external acl can take in the ext_log and pass it untouched out the
>> other side no issues too, so it doesnt appear to be simply the fact
>> its passing the ext_log back.
>>
>> Im really stumped at to whats going on here, any help would be appreciated.
>>
>> Cameron Charles
>>
>
> Whats going on here is that reply_body_max_size is a "fast" ACL. So ACLs
> like external require a pre-cached helper response if they are going to
> match at all.
>
> When the helper is executed in http_access there is no EXT_LOG value (or
> TAG by the way). So the helper is being called with "%URI - -".
>
> On the reply_body_max_size the http_access has aready been called. So
> the helper cache is checked for the lookup, but this time using the
> EXT_LOG value given by the previous lookup. Which probably does not
> exist in the cache.
>
> This workaround may work for you, it calls the helper twice in
> http_access where the lookup using log entry value can be waited on:
>   http_access allow response_size_31 response_size_31
>
>
> Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux