-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 27.09.2016 0:08, Alex Rousskov пишет: > On 09/26/2016 11:32 AM, Yuri Voinov wrote: >> 26.09.2016 23:16, Alex Rousskov пишет: >>> On 09/26/2016 10:42 AM, Yuri Voinov wrote: >>>> How can I make a chain of adaptation with >>>> different acl's for different chained services? > >>> By configuring several chains and then writing adaptation_access rules >>> to select the right chain for a given message. > > >> Ahaaaaaaaaa. I.e., I can specify chain_A with own access rules and one >> service_A in chain, and then chain_B, also with own access rules and one >> service_B, and, finally, specify chain_C with chain_A+chain_B and with >> access "all". Right? > > Whether that is right or wrong depends on the specific ACLs. Also, there > is no need to create single-service chains. If your rulesA are mutually > exclusive with rulesB, then you can use them like this: > > adaptation_access serviceA rulesA > adaptation_access serviceB rulesB > adaptation_access chainAB all > > However, again, I discourage you from saying "chain_A with own access > rulesA" because access rules do not belong to a chain. Squid evaluates > adaptation_access lines in the squid.conf order. Thus, if rulesA are NOT > mutually exclusive with rulesB, then the following configuration will > have a different effect from the above three lines: > > adaptation_access serviceB rulesB > adaptation_access serviceA rulesA > adaptation_access chainAB all > > and this configuration does not make any sense at all: > > adaptation_access chainAB all > adaptation_access serviceA rulesA > adaptation_access serviceB rulesB > > > It is better to think like this: > > adaptation_access serviceA rules1 > adaptation_access serviceB rules2 > adaptation_access chainC rules3 > > serviceA is used when and only when "rules1" matches > serviceB is used when and only when "!rules1 rules2" matches > chainC is used when and only when "!rules1 !rules2 rules3" matches > > Each message will be sent to either just serviceA, or just serviceB, or > just ChainC, or no services/chains/sets at all. Ahaaaaaaaa, yes. Understand. It is now clear. I rewrote the access rules and now adaptation works in the chain at the right logic. Thank you for your explanations and your time! > > > > HTH, > > Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJX6WcFAAoJENNXIZxhPexGWfEIAL8e3Al3C2lAxoKC8qCByzch iKqBwOUbQBBoiQDsrKG0qgF4B+VMpalnO7OvtNOw/P9zcVAU27kzh643H3ynJCHY gxEtrc2wjJjM1OlIEg0qR8cs4chC+bQ9eaySJtArAFnWktS6hm7VjebgivZq5IMT eCz9EFizwVLld04QLKbOAX5cL2z8+ScumKPYH9ygEhllnNAdtg+9r3GwFJoOGPyM JebsZjUTX56SrGZyEro89T2acGWC4rwJ1+oBwcMtp+rD5RUjAUStG/4teAdPopIA R6v2hBHQSSsyttpaP9QL55JmhQmeV21FCAvyuU58pVv05UDVh4iROcWY43XY4IE= =++B5 -----END PGP SIGNATURE-----
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
