On 19/07/2016 5:48 p.m., Omid Kosari wrote: > Amos Jeffries wrote >> On 19/07/2016 2:42 a.m., Omid Kosari wrote: >>> Hello, >>> >>> It seems rep_header does not work at all. >>> >>> acl mshit rep_header X-SHMSCDN . >>> acl mshit rep_header Content-Type -i text\/html >>> acl html rep_header Content-Type -i ^text\/html >>> acl apache rep_header Server ^Apache >>> debug_options 28,3 >>> >> >> If thats all you put in the config, theres nothing telling Squid when to >> use the ACL. >> >> PS. the other thread where you posted better details of the problem and >> config has already been answered, so I wont repeat the details here. >> > > I thought acl should match even if nothing to do with it . ok . > > now > #acl mshit rep_header X-SHMSCDN HIT > #acl mshit rep_header X-SHMSCDN . > acl mshit rep_header X-Shmscdn -i HIT > acl testip src 192.168.1.10 > http_access deny testip mshit > > Maybe the problem is "any of the known reply headers" as Eliezer mentioned > in other thread . If so what is the meaning of known (please refer me to > source file in squid to not ask more questions about it :) ) ? Also is there > a way to work with unknown headers ? > The rep_header ACL code is at [1] which indicates the match()'ing function is the generic HTTP headers matching function from [2], applied to the HTTP reply object headers. [1] <http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpRepHeader.cc> [2] <http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpRepHeader.cc> I see in [2] that both registered header ID (aka "known headers") and by-name (custom header lookup) are tested. So your ACL should be locating the custom header *if* it exists in the relevant reply headers. That 'if' is important, the HTTP state is not always what one thinks it is. As demonstrated by the *real* traffic flow in my first reply to the "Wrong req_header result in cache_peer_access when using ssl_bump" thread. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
