On 26/02/24 06:52, Ed wrote:
> On 2024-02-24 17:26+0000, Ed wrote:
>> In varnish land this is doable in the vcl_miss hook, but I don't know
>> how to do that in squid.
>
> I think I found a way, but maybe there's a better method - I'd like
> the cache_peer_access to apply to all backends, but this does seem to do
> what I was after:
>
>   acl bad_foo req_header ICAPHEADER -i foobar
>   cache_peer_access server_1 deny bad_foo

Assuming that an ICAP service is controlling whether the peers are to be
used that is the correct way.

However, if you have an ICAP service controlling whether a peer can be
used consider having the ICAP service just send Squid the final
response. There is a relatively huge amount of complexity, both in the
config and what Squid has to do slowing the transaction down just for
this maybe-a-HIT behaviour.

Alternatives to "cache_peer_access .. deny bad_foo" are:

A) "always_direct allow bad_foo",
   If you want the request to be served, but using servers from a DNS
   lookup instead of the configured cache_peer.

B) "miss_access deny bad_foo",
   If you do not want the cache MISS to be answered at all.

It has been a while since I tested it, but IIRC with miss_access a
"deny_info" line may be used to change the default 403 error status into
another in the 200-599 status range. Which includes redirects,
retry-after, empty responses, and template page responses ... whichever
suits your need best.

Cheers
Amos
_______________________________________________
squid-users mailing list
https://lists.squid-cache.org/listinfo/squid-users
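
The options discussed in this thread, side by side as a squid.conf fragment. This is an added example, not configuration posted by either participant; the peer hostnames, ports, server_2 and the ERR_BAD_FOO template name are assumptions, and only one of the three approaches would be enabled at a time.

```conf
# Added example, not from the thread. Peer hosts, ports and server_2 are
# placeholders; ERR_BAD_FOO is a hypothetical custom error template.
cache_peer backend1.example.net parent 8080 0 no-query originserver name=server_1
cache_peer backend2.example.net parent 8080 0 no-query originserver name=server_2

# Request header checked by the ACL (header name and value as in the thread).
acl bad_foo req_header ICAPHEADER -i foobar

# Ed's approach: cache_peer_access is evaluated per peer, so covering every
# backend takes one deny line per cache_peer name.
cache_peer_access server_1 deny bad_foo
cache_peer_access server_2 deny bad_foo

# Alternative A: still serve the request, but from the DNS-resolved origin
# instead of any configured cache_peer.
#always_direct allow bad_foo

# Alternative B: do not answer a cache MISS at all (403 by default).
# The explicit "allow all" keeps other traffic unaffected.
#miss_access deny bad_foo
#miss_access allow all

# Per the reply's recollection (untested here), deny_info keyed on the same
# ACL replaces the 403 with another status and template.
#deny_info 503:ERR_BAD_FOO bad_foo
```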