Re: external_acl helper question

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 28 May 2013 11:20:00 -0600

On 05/28/2013 10:43 AM, Chris Ross wrote:
> On May 22, 2013, at 12:55 , Alex Rousskov wrote:
>> If your external ACL can make a decision earlier (e.g., during
>> http_access checks), then you can use helper annotations API to record
>> that external ACL decision as annotations and then use a "note" ACL to
>> pick the right outgoing address depending on the previously recorded
>> annotations. The "note" ACL is fast.

> The outstanding question is how to have an external_acl helper, assumedly
> called by an http_access line, return the annotation to then later be matched
> with a "note" acl? This was the mechanism you were suggesting, correct?

Correct. The external ACL would need to add a key=value pair to its
result line. Squid interprets kv-pairs it does not understand as
annotations. For example, the following external ACL helper response
contains a note1_ annotation with a value of value1:

  OK note1_=value1

> If you have a quick pointer to the mechanism needed to return a note
> from the external_acl helper, that would be appreciated. This would be
> the "helper annotations API" you referred to, I presume. Thank you.

http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29

I am not sure the above explicitly documents how custom annotations are
supported though.

The usual disclaimers about running trunk code apply. For example,
annotation values involving non-alphanumeric characters may be logged
(or perhaps even processed) in a funny way right now.

HTH,

Alex.
Received on Tue May 28 2013 - 17:20:07 MDT
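
Added example, not part of the original message and not Squid project code: a minimal external ACL helper in Python that replies with the note1_ annotation shown in the message. It assumes the helper receives one request per line with the lookup token as the first field and no concurrency channel ID; the lookup table and its values are constructed, and values are restricted to alphanumerics because of the caveat about non-alphanumeric annotation values.

```python
#!/usr/bin/env python3
"""External ACL helper sketch that attaches an annotation to its verdict."""
import re
import sys

# Constructed lookup table (hypothetical): request token -> annotation value.
VALUE_BY_TOKEN = {
    "10.0.0.5": "value1",
    "10.0.0.6": "value2",
    "10.0.0.7": "bad value;1",  # deliberately unsafe entry, never emitted
}

NOTE_KEY = "note1_"  # annotation name taken from the message above
SAFE_VALUE = re.compile(r"[A-Za-z0-9]+")


def build_reply(request_line: str) -> str:
    """Return the result line for one request line read from Squid."""
    fields = request_line.split()
    if not fields:
        return "ERR"
    value = VALUE_BY_TOKEN.get(fields[0])
    if value is None:
        # Unknown token: the ACL does not match and no annotation is recorded.
        return "ERR"
    if not SAFE_VALUE.fullmatch(value):
        # Fail closed rather than emit a value with spaces or punctuation.
        return "ERR"
    # kv-pairs Squid does not understand are recorded as annotations.
    return f"OK {NOTE_KEY}={value}"


def main() -> None:
    # One request line in, one result line out, flushed so Squid is not
    # left waiting on a buffered reply.
    for line in sys.stdin:
        sys.stdout.write(build_reply(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```
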
