On 25.09.2012 10:06, Alex Rousskov wrote:
> Hello,
>
> I would like to add support for explicit OR ACLs:
>
> # ACL name will match if and only if any of its acl* ACLs match.
> # The first matching acl (left-to-right) stops evaluation.
> acl name or acl1 acl2 ...
>
>
> As you know, existing Squid ACL rules are meant to be functionally
> complete: they can express any combination of logical conditions
> expressed by individual ACLs. However, specifying the right
> combination
> may require a very long and confusing configuration file.
>
> I recently came across a real-world case where 20 reasonable
> http_access
> access rules had to be converted into more than 100 rules just to add
> a
> single "or the user does not need authentication" condition into the
> "middle" of an existing rule set. The solution was so "big" and
> required
> such a rewrite of the existing rules that the admin thought that it
> would be impossible to support his needs using Squid ACLs!
Can you let me have a look at this config before and after?
I'm having difficulty figuring out / understanding how a single boolean
test condition can inflate the stanza by more than 50% when the NAND
operation is available.
Amos
Received on Mon Sep 24 2012 - 23:46:40 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 25 2012 - 12:00:10 MDT