Re: Squid3 with multiple ICAP Services

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 26 Sep 2007 11:53:57 +1200 (NZST)

> On Tue, 2007-09-25 at 13:08 -0400, Richard Bishop wrote:
>
>> I would suggest that there should be an option to bypass particular
>> services based on the results of earlier services - i.e. values of
>> ICAP headers returned in the response. In the case of multiple
>> chained virus scanners, this would mean that the presence of an
>> X-Virus-Found after the first transaction (indicating the first
>> scanner found a virus and rewrote the body), would then skip the other
>> services since we then know this rewritten body to be clean.
>
> It would be difficult to support a flexible decision making in
> squid.conf (we need a better configuration/scripting language for that),
> but we can try to support a few typical scenarios. Specific squid.conf
> designs to address this need are very welcome!

It occurs to me that a method superficially similar to that used for
cache_peer could look nice here.

 - define icap_service with specific details, options +name on a single line
 - define icap_access <name> <acl ...>

That way you would become independant of the number and config order of
icap services. The ACL side would also allow a checklist of criteria to
use-or-skip any given ICAP when its reached.

>
>> It is certainly pointless (and slow) to buffer data that could be
>> piped straight into the next service and onto the client.
>
> In some cases, buffering request bodies is impossible because they are
> too large to be buffered in RAM (e.g., large PUT requests).
>
> Alex.
>

Amos
Received on Tue Sep 25 2007 - 17:54:17 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:05 MDT