Search squid archive

Re: Introducing delay to HTTP 407 responses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alex,

> However, there is a difference between my August tests and this thread.
> My tests were for a request parsing error response. Access denials do not
> reach the same http_reply_access checks! See "early return"
> statements in clientReplyContext::processReplyAccess(), including:
> 
> >     /** Don't block our own responses or HTTP status messages */
> >     if (http->logType.oldType == LOG_TCP_DENIED ||
> >             http->logType.oldType == LOG_TCP_DENIED_REPLY ||
> >             alwaysAllowResponse(reply->sline.status())) {
> >         headers_sz = reply->hdr_sz;
> >         processReplyAccessResult(ACCESS_ALLOWED);
> >         return;
> >     }
> 
> I am not sure whether avoiding http_reply_access in such cases is a
> bug/misfeature or the right behavior. As any exception, it certainly
> creates problems for those who want to [ab]use http_reply_access as a
> delay hook. FWIW, Squid had this exception since 2007:

Thanks, makes sense.  It would be great if there was a way to slow down 407 responses; at the moment the only workaround I can think of is to write a log-watching script to maintain a list of offending IP/domain pairs, then write a helper to use that data to introduce delay when the request is first received (via http_access and the !all trick).  If anyone has a better option, I'm all ears.

Luke


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux