Re: Refresh patterns and ACLs

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Thu, 28 Aug 2008 21:45:45 +0200

On Thu, 2008-08-28 at 14:38 +1000, Mark Nottingham wrote:
> One of the things that came up in Sydney briefly was whether the
> stale-while-revalidate and max-stale refresh_pattern options would be
> better expressed as ACLs.

Yes...

> Taking this a bit further, could/should the same be true of the rest
> of the refresh_pattern options (and perhaps of the patterns themselves)?

Yes..

refresh_pattern regex matching really is a bit too blunt a tool for what
it's being used for today.

The big question is how it should be expressed.

And to be honest the Squid acl system too is a bit too limited and
arcane to most users..

Ideally I'd like to see a more structured classification system unifying
a lot of the acl driven directives & refresh_pattern.. (well, two, one
early on the request, and one late when the response is known)

I envision a nested tree of matches (acl) and operators
(allow/deny/refresh_pattern/outgoing_ip/tos/no-cache/ignore-xxx/deny_info/logmessage/peergroup/...).

But it requires a different parser which is not single line oriented as
you cannot express a tree on a single line in a meaningful manner..

request_access {
        if [!]acls.. {
                if [!]acls.. {
                        ...
                }
                ...
                accept
        }
        deny
}

Regards
Henrik

Received on Thu Aug 28 2008 - 19:45:55 MDT
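
The nested block syntax sketched in the message above, parsed and evaluated in Python. This is an added example, not part of the original message and not Squid code. The ACL names, the AND/negation handling of `if` conditions, the first-action-wins fall-through and the default deny are all assumptions made for illustration.

```python
import re

# Constructed policy in the block syntax sketched above; ACL names are hypothetical.
POLICY = """request_access {
    if localnet {
        if admin_path !authenticated { deny }
        accept
    }
    deny
}"""
ACLS = {  # hypothetical ACLs: name -> predicate over a request dict
    "localnet": lambda r: r["src"].startswith("10."),
    "admin_path": lambda r: r["path"].startswith("/admin"),
    "authenticated": lambda r: r.get("user") is not None,
}

def parse_block(tokens):
    """Consume statements up to the matching '}' and return them as a tree."""
    stmts = []
    while (tok := tokens.pop(0)) != "}":
        if tok in ("accept", "deny"):
            stmts.append((tok,))
            continue
        conds = []  # stays empty unless this statement is an 'if'
        while tok == "if" and tokens[0] not in ("{", "}", None):
            conds.append(tokens.pop(0))
        if not conds or tokens.pop(0) != "{":
            raise SyntaxError(f"bad statement near {tok!r}")  # also a missing '}'
        if any(c.lstrip("!") not in ACLS for c in conds):
            raise SyntaxError(f"unknown ACL in {conds}")  # fail at load time
        stmts.append(("if", conds, parse_block(tokens)))
    return stmts

def evaluate(stmts, req):
    """First action reached wins; an 'if' body with no action falls through."""
    for stmt in stmts:
        if stmt[0] != "if":
            return stmt[0]
        if all(ACLS[c.lstrip("!")](req) != c.startswith("!") for c in stmt[1]):
            verdict = evaluate(stmt[2], req)
            if verdict:
                return verdict
    return None

def decide(req, policy=POLICY):
    """Parse 'name { ... }' and evaluate it; assumed default if nothing matches: deny."""
    tokens = re.findall(r"[{}]|[^\s{}]+", policy) + [None]  # None marks end of input
    if tokens[1:2] != ["{"]:
        raise SyntaxError("expected 'name {'")
    return evaluate(parse_block(tokens[2:]), req) or "deny"
```

Rejecting an unknown ACL name or an unbalanced block while the policy is loaded keeps a typo from silently changing which branch a request reaches.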