Martin Sperl wrote:
> Hi!
>
> We have the following (essential) ICAP configuration with squid 3.1.3:
> adaptation_access modify_request allow HTTP GETPOST hosts_allowed
> adaptation_access modify_request deny all
> adaptation_access modify_response allow HTTP GETPOST hosts_allowed modify_response_mimetype
> adaptation_access modify_response deny all
>
> The ICAP request modification server rewrites the host of the URL that is really proxied.
>
> But then on the response-modification the hosts_allow ACL does no longer match as it seems to match the translated URL, which is obviously different (and dynamic, so we cannot configure it in squid).
>
> So is there a ACL construct that we may use to say: everything where the request has been modified matches, so that we can use this ACL instead of "hosts_allowed" in the "adaptation_access modify_response" command?
Nothing of that description exists at present.
The easiest way is to use request header matching to identify a header
your ICAP server adds.
Though if you have no control over the ICAP server and it changes no
headers (strange, but possible) external_acl_type (for req) and a tag
ACL (for resp) can be a quite hacky workaround.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4Received on Wed Jun 16 2010 - 12:15:29 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 16 2010 - 12:00:03 MDT