ACL dst handled differently in intercept after rewrite

Hi all,

I've got a squid server running which allows direct proxy and also can intercept traffic:

http_port 10.0.0.1:3128
http_port 10.0.0.1:3129 intercept

---

There is a URL rewriter which allows the incoming requests (this is just an example, I don't really allow all):

url_rewrite_access allow all
url_rewrite_program /usr/bin/myrewriter

---

This rewriter will rewrite some URLs to a host on the same network, with the intention that the request should not be cached by squid, e.g.
http://example.net/somefile.bin -> http://10.0.0.2/example.net/somefile.bin
So a cache_deny directive is used for this:

acl local_store dst 10.0.0.2
cache deny local_store

---

Now when requesting this URL using a defined proxy the ACL matches and the request is not cached. If using intercept the ACL does not match and it does get cached (which caused some storage duplication on the network).
The debug info shows the following:

Proxy:
curl -x "10.0.0.1:3128" "http://example.net/somefile.bin" > /dev/null
Ip.cc(95) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 10.0.0.2/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (10.0.0.2)  vs 10.0.0.2-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]

Intercept:
curl "http://example.net/somefile.bin" > /dev/null # Intercepted on the NAT tables
Ip.cc(95) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 93.184.216.34:80/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (93.184.216.34:80)  vs 10.0.0.2-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]

This seems to show that the ACL is processed at a different stage for the two different modes. Now I'm wondering if this is intentional and I shouldn't be using the 'dst' ACL here, or should it be more consistent and give the same result regardless?

I have a solution to use the 'url_regex' ACL instead which seems consistent between the two modes, but it may slightly affect performance.

I couldn't find a huge amount of info on what order the ACLs are processed, so if anybody could let me know what the expected behaviour should be that would be much appreciated.

Thanks,
Craig
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
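
A small log check, added here as an example and not part of the original post: it parses the `aclIpAddrNetworkCompare` debug lines quoted in the message and reports which address the `dst` ACL was actually tested against in each mode. The function names are hypothetical, and reading `[::]` as "no range end" is an assumption taken from the quoted output; only host-mask entries like the one in the post are handled.

```python
import ipaddress
import re

# Constructed sample: the two debug lines quoted in the post (proxy, then intercept).
SAMPLE_LOG = """\
Ip.cc(95) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 10.0.0.2/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (10.0.0.2)  vs 10.0.0.2-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
Ip.cc(95) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 93.184.216.34:80/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (93.184.216.34:80)  vs 10.0.0.2-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
"""

FULL_MASK = ipaddress.ip_address("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
COMPARE_RE = re.compile(
    r"compare: \S+ \((?P<tested>[^)]+)\)\s+vs\s+"
    r"(?P<start>[^-\s]+)-(?P<end>[^/\s]+)/\[(?P<mask>[^\]]+)\]"
)


def to_ip(text):
    """Parse '10.0.0.2', '93.184.216.34:80', '[::]' or '[::1]:80' to an address."""
    if text.startswith("["):
        text = text[1:text.index("]")]
    elif text.count(":") == 1:  # IPv4 with a port suffix
        text = text.split(":")[0]
    return ipaddress.ip_address(text)


def dst_checks(log_text):
    """Return (tested_address, acl_entry, matched) for each compare line."""
    results = []
    for m in COMPARE_RE.finditer(log_text):
        if ipaddress.ip_address(m["mask"]) != FULL_MASK:
            continue  # only single-host entries, as in the post, are handled
        tested, start, end = to_ip(m["tested"]), to_ip(m["start"]), to_ip(m["end"])
        if tested.version != start.version:
            matched = False
        elif end.is_unspecified:  # assumption: "[::]" means the entry has no range end
            matched = tested == start
        else:
            matched = end.version == start.version and start <= tested <= end
        results.append((str(tested), str(start), matched))
    return results


if __name__ == "__main__":
    for tested, acl, matched in dst_checks(SAMPLE_LOG):
        print(f"dst tested {tested} against {acl}: {'match' if matched else 'no match'}")
```
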