Re: [squid2.5-icap] patch: X-Server-IP support

From: Olivier \ <olivier@dont-contact.us>
Date: Fri, 23 Dec 2005 01:03:17 +0100

Duane Wessels wrote:
> The patch is nice and simple, so I don't have any problems with it.

Cool :)

> There is this, however:
>
> + if (Config.icapcfg.send_server_ip || service->flags.need_x_server_ip)
>
> The Squid admin might believe that setting 'icap_send_server_ip off'
> means Squid would never send the IP address to ICAP. But Squid
> will in fact send the IP if the ICAP server asks for it.

Sure, this is a negociation question (OPTIONS). I took the default
behavior that was implemented in squid, to be consistent.

> Its probably not a big deal because most people don't care about
> the "privacy" of an origin server IP address. But some might.
>
> I suggest adding a comment to squid.conf to explain that the server
> IP address would be sent regardless of the icap_send_server_ip
> setting if the ICAP server OPTIONS response says "X-Include:
> X-Server-IP"
>
> Otherwise, maybe the logic should be && instead of || ?

I agree with your last proposal: in squid.conf, it could be defined
as: "Allow Squid to send the origin ip if asked by the ICAP server"
(on/off)

Since this is a X-ICAP-* header (optional), Squid must have the last
word on the subject.

/olivier
Received on Thu Dec 22 2005 - 17:03:20 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:03 MST