Re: Possible to user reply_header_add directive with acl random access list ?

--Ahmad-- <ahmed.zaeem@xxxxxxxxxxxx> · Wed, 17 Jul 2019 14:55:13 +0300

Hi Amos , Thank you for you info .
indeed i read about reply header ACL That :

##############################################
One or more Squid ACLs may be specified to restrict header
	injection to matching responses. As always in squid.conf, all
	ACLs in the ACL list must be satisfied for the insertion to
	happen. The reply_header_add option supports fast ACLs only.

	See also: request_header_add.
#################################################

im not sure what do i need to let the output single value and not multiple values .

about your Question :
1- why mutiple replies do we recieve not single reply ?

What do you mean by "multiple replies" ?
————> i mean i would like the result to be as below :

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: A
< 
12.13.100.1
* Connection #0 to host 12.13.100.250 left intact

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: B
< 
12.13.100.2
* Connection #0 to host 12.13.100.250 left intact

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: C
< 
12.13.100.3
* Connection #0 to host 12.13.100.250 left intact

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: D
< 
12.13.100.4
* Connection #0 to host 12.13.100.250 left intact

###############################################

Check the 4 tests above … those i want the result to be .
if i have external ip 12.13.100.4 , the Header should  be single and = < start: D
if i go external 12.13.100.3 ,the Header should  be single and = < start: C
if i go external 12.13.100.2 ,the Header should  be single and = < start: B
if i go external 12.13.100.1 ,the Header should  be single and = < start: B

SO basically i want 1 answer matching the acl :

acl half10000 random 1/10
acl half10001 random 1/9
acl half10002 random 1/8
acl half10003 random 1/7
acl half10004 random 1/6
acl half10005 random 1/5
acl half10006 random 1/4
acl half10007 random 1/3
acl half10008 random 1/2
acl half10009 random 1/1

as  you see above the ACLS above should be matching single values not multiple values .

and when i get multiple headers replies it doesnt satisfying my needs .

what do you think amos ?

Thanks agian 

On 17 Jul 2019, at 14:42, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

On 17/07/19 9:41 pm, --Ahmad-- wrote:
Hi Alex, 
acl half10000 random 1/10
acl half10001 random 1/9
acl half10002 random 1/8
acl half10003 random 1/7
acl half10004 random 1/6
acl half10005 random 1/5
acl half10006 random 1/4
acl half10007 random 1/3
acl half10008 random 1/2
acl half10009 random 1/1
########################################
reply_header_add start "A" half10000
reply_header_add start "B" half10001
reply_header_add start "C" half10002
reply_header_add start "D" half10003
reply_header_add start "E" half10004
reply_header_add start "F" half10005
reply_header_add start "G" half10006
reply_header_add start "H" half10007
reply_header_add start "I" half10008
reply_header_add start "J" half10009
##############################
tcp_outgoing_address 12.13.100.1 half10000
tcp_outgoing_address 12.13.100.2 half10001
tcp_outgoing_address 12.13.100.3 half10002
tcp_outgoing_address 12.13.100.4 half10003
tcp_outgoing_address 12.13.100.5 half10004
tcp_outgoing_address 12.13.100.6 half10005
tcp_outgoing_address 12.13.100.7 half10006
tcp_outgoing_address 12.13.100.8 half10007
tcp_outgoing_address 12.13.100.9 half10008
tcp_outgoing_address 12.13.100.10 half10009

curl -x 12.13.100.250:2000    -U hi:hi  ifconfig.io  -v

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
GET http://ifconfig.io/ HTTP/1.1
Host: ifconfig.io
Proxy-Authorization: Basic YmVuOmJlbg==
User-Agent: curl/7.54.0
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: G
< start: F
< start: E
< start: E
< 
12.13.100.2 
* Connection #0 to host 12.13.100.250 left intact

That reply does look strange. "E" should only occur once, and "J" is
missing.

another Hit :

curl -x 12.13.100.250:2000    -U hi:hi  ifconfig.io  -v

* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.100.250...
* TCP_NODELAY set
* Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
* Proxy auth using Basic with user 'hi'
GET http://ifconfig.io/ HTTP/1.1
Host: ifconfig.io
Proxy-Authorization: Basic YmVuOmJlbg==
User-Agent: curl/7.54.0
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2019 09:34:57 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: F
< start: A
< start: J
< start: I
< 
12.13.100.6

so as you see above , i have multiple replied headers not single one .
and the replied header even are wrong .
so wrong multiple results i do recieve .

reply_header_add does not stop with the first matching line like
http_access. Each is checked to see if that value is to be added.

So naturally each letter has a random chance of being added.

In other words;
You have configured Squid to add the header "start" between 0 and 10
times, with a selection of letters.

The tcp_outgoing_address check for which IP address to use is
independent of what headers are added. That directive *does* stop on
first matching line.

my questions is :

1- why mutiple replies do we recieve not single reply ?

What do you mean by "multiple replies" ?

2- why the recieved replies are wrong , i expect single reply based on my random acls we setup . ?

Every time a "random" type ACL is tested a new random number is selected
and checked against the match:non-match ratio you configure.

do we need other stuff with random acl to have it work with header directive ?

The ACL works as designed. You appear to have missed the fact that each
check/test of the ACL uses a different randomly selected number.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users