Re: [squid-users] About squid ICAP implementation

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 12 Nov 2008 21:56:37 +0100

On tor, 2008-11-13 at 05:31 +0900, Mikio Kishi wrote:

> In ACLChecklist.cc#check()
>
> > 128 /* deny if no rules present */
> > 129 currentAnswer(ACCESS_DENIED);
> > ..........
> > 188
> > 189 checkCallback(currentAnswer() != ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED);
>
> I think it may be ACCESS_ALLOWED if currentAnswer is ACCESS_DENIED, right ?

Hmm.. that indeed looks wrong..

It should be initialized to ACCESS_ALLOWED.

And affects every access list without a default.. not just icap_access.

Please file a bug report on this.

> I see. By the way, do you have any plan to support multi REQMOD icap
> servers (per request) ?

That question is best asked on the squid-dev list. I am not currently
involved in the ICAP implementation.

> >> - Question.3
> >> squid "always" sends "Allow: 204" header to icap server, right ?
> >
> > Yes, unless forcibly disabled by setting icap_preview_enable off.
>
> But, it looks more complex condition.... (checking virginBody)

Right. Confused things a litte, mixing up Allow: 204 with the preview.
Been a while since I worked with ICAP.

Allow: 204 is sent if it's known the whole message can be buffered
within the buffer limits (SQUID_TCP_SO_RCVBUF). It's not relaed to
previews.

REgards
Henrik

Received on Wed Nov 12 2008 - 20:56:47 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 13 2008 - 12:00:03 MST