Squid 2.2.STABLE2 and ACLs

From: as web server manager <webadm@dont-contact.us>
Date: Tue, 4 May 1999 13:52:55 +0100 (BST)

Though I suspect the (apparent) problem was there before, but is only now
reported, I just tried Squid 2.2.STABLE2 and was disconcerted by the
following reports at startup:

1999/05/04 13:21:19| WARNING: jpet.aspetjournals.org is a subdomain of intl-jpet.aspetjournals.org
1999/05/04 13:21:19| WARNING: This may break Splay tree searching
1999/05/04 13:21:19| WARNING: You should remove 'intl-jpet.aspetjournals.org' from the ACL named 'other-direct'
1999/05/04 13:21:19| WARNING: molpharm.aspetjournals.org is a subdomain of intl-molpharm.aspetjournals.org
1999/05/04 13:21:19| WARNING: This may break Splay tree searching
1999/05/04 13:21:19| WARNING: You should remove 'intl-molpharm.aspetjournals.org' from the ACL named 'other-direct'
1999/05/04 13:21:19| WARNING: dmd.aspetjournals.org is a subdomain of intl-dmd.aspetjournals.org
1999/05/04 13:21:19| WARNING: This may break Splay tree searching
1999/05/04 13:21:19| WARNING: You should remove 'intl-dmd.aspetjournals.org' from the ACL named 'other-direct'

The other-direct ACL is used with always_direct to force access to those
e-journal sites (among others) to go direct rather than via parent caches,
which would get denied by access controls - defined as

acl other-direct dstdomain "/opt/squid/current/etc/always-direct.conf"
always_direct allow other-direct

As worded, the warning messages are either wrong or misleading/confusing.

Is the reality that

(a) this is a newly introduced bug, that simply needs to be fixed, or

(b) something Squid cannot handle, and there's no way to match that pair
of hosts except by listing the domain instead, which in our case could
result in higher network usage charges for no reason other than a
shortcoming in Squid, or

(c) something Squid cannot handle in the obvious way, but hostname matching
is trailing substring match rather than exact match (yuk, if so!), so
that listing just the shorter version would also match the longer (but
potentially also random other names that happen to end with the same
substring, potentially incurring network charges that should be avoided), or

(d) An incorrect diagnostic, so that listing both hosts of each pair will
work just fine, and the warnings should be ignored.

I hope the answer will be (a) or (d), but am rather worried it will be (b)
or (c).

If it's either (b) or (c), I think there needs to be clearer documentation
of how matching works, as well as making clear that overlapping names are
not allowed - there's no hint of either issue in the comments in the sample
config file, which is the nearest thing to current documentation for Squid,
except for those few aspects that get more detailed coverage in the FAQ etc.
[A previous problem had resulted in me being told that you can't list
entries for both a hostname and its parent domain, otherwise I'd have been
more surprised and confused by the warning messages...]

Also - is this new with Squid 2.2, or is the problem there (but not
reported) in earlier Squid 2 versions?

                                John Line

-- 
University of Cambridge WWW manager account (usually John Line)
Send general WWW-related enquiries to webmaster@ucs.cam.ac.uk
Received on Tue May 04 1999 - 07:05:50 MDT
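
The distinction raised in option (c) above, as an added example that is not part of the original post and is not Squid's matching code: a small audit of a dstdomain list that separates entries related on a DNS label boundary from entries that merely share a trailing substring. The `example.org` entries are constructed; the function names are hypothetical.

```python
# Added example (not Squid code): audit a dstdomain list for overlapping entries.

def trailing_substring(short, long):
    """True if `long` merely ends with the text of `short` (no label check)."""
    return long != short and long.endswith(short)

def label_subdomain(child, parent):
    """True only if `child` sits below `parent` on a DNS label boundary."""
    c = child.lower().strip(".").split(".")
    p = parent.lower().strip(".").split(".")
    return len(c) > len(p) and c[-len(p):] == p

def audit(entries):
    """Return (a, b, kind) for each pair where entry b ends with entry a.

    kind is "subdomain" when b is a real subdomain of a, and
    "substring-only" when the names only share trailing characters.
    """
    names = sorted({e.strip().lower().strip(".")
                    for e in entries
                    if e.strip() and not e.lstrip().startswith("#")})
    findings = []
    for a in names:
        for b in names:
            if trailing_substring(a, b):
                kind = "subdomain" if label_subdomain(b, a) else "substring-only"
                findings.append((a, b, kind))
    return findings

# Hostnames from the warnings in the post, plus one constructed parent/child pair.
SAMPLE = [
    "jpet.aspetjournals.org",
    "intl-jpet.aspetjournals.org",
    "molpharm.aspetjournals.org",
    "intl-molpharm.aspetjournals.org",
    "dmd.aspetjournals.org",
    "intl-dmd.aspetjournals.org",
    "example.org",        # constructed
    "www.example.org",    # constructed
]

if __name__ == "__main__":
    for a, b, kind in audit(SAMPLE):
        print(f"{b} ends with {a}: {kind}")
```

Each pair named in the warnings is reported as "substring-only": the longer name ends with the shorter one, but neither is a subdomain of the other on a label boundary.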
