Search squid archive

Re: ACL / http_access rules stop work using Squid 6+

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-03-22 09:38, Andre Bolinhas wrote:

In previous versions of squid, from 3 to 5.9, I use this kind of deny rules and they work like charm

acl AnnotateRule28 annotate_transaction accessrule=Rule28
http_access deny HTTP Group38 AnnotateRule28

This allows me to deny objects without bump / show the error page (deny_info)

But using squid 6+ this rules stop to work and everything is allowed.

Example:
Squid 5.9 (OK)
https://ibb.co/YdKgL1Y

Squid 6.8 (NOK)
https://ibb.co/tbyY2GV

Sample of both cache.log in debug mode

https://we.tl/t-T7Nz1rVbVu


In you v6 logs, most logged transactions are allowed because a rule similar to the one reconstructed below is matching:

    http_access allow all AnnotateFinalAllow


There are similar cases in v5 logs as well, but most denied v5 transactions match the following rule instead (i.e. the one you shared above):

    http_access deny HTTP Group38 AnnotateRule28


In your Squid configuration, v6 allow rule is listed much higher than v5 deny rule (#43 vs #149). I do not see any signs of Group38 or AnnotateRule28 ACL evaluation in v6 logs, as if the rule sets are different for two different Squid instances. Are you using the same set of http_access rules for both Squid versions?

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux