FW: [squid-users] Why doesn't REQUEST_HEADER_ACCESS work properly with aclnames?

From: Jenny Lee <bodycare_5_at_live.com>
Date: Wed, 8 Jun 2011 17:01:39 +0000

I just realized that "Cookie" headers are also not obeyed when going through peers.
 
Everything works going direct, but nothing works if you are using any peers.
 
I surely cannot be the only person out of all squid users that is bitten by this anomaly.
 
Jenny
 
 

> From: bodycare_5_at_live.com
> To: squid3_at_treenet.co.nz; squid-users_at_squid-cache.org
> Date: Thu, 28 Apr 2011 19:25:27 +0000
> Subject: RE: [squid-users] Why doesn't REQUEST_HEADER_ACCESS work properly with aclnames?
>
>
> > > It seems to me that ACL SRC is NEVER checked when going to a Peer.
> > >
> > > WHAT I WANT TO DO:
> > > acl OFFICE src 1.1.1.1
> > > request_header_access User-Agent allow OFFICE
> > > request_header_access User-Agent deny all
> > > request-header_replace User-Agent BOGUS AGENT
> > >
> > >
> > > [OFFICE UA should not be modified whehter going direct or through a peer]
> > >
> > > Thanks,
> > >
> > > Jenny
> > >
> > > PS: Running 3.2.0.7 on production and works good and reliably. The UA issue above is present on both 3.2.0.1 and 3.2.0.7.
> >
> >
> > Okay, this is going to need a cache.log trace for "debug_options 28,9"
> > to see what is being tested where.
>
>
> No difference whatever is done. PEER1, !PEER1, !PEER2... No peer... Seperate lines...
>
> SRC IP is never available, so it always fails. PEER is available though, I can make it work with using just PEER1. Going direct works also as expected.
>
> Thanks.
>
> Jenny
>
>
> kid1| ACLChecklist::preCheck: 0x7ffff504abc0 checking 'request_header_access User-Agent allow OFFICE_IP !PEER1'
> kid1| ACLList::matches: checking OFFICE_IP
> kid1| ACL::checklistMatches: checking 'OFFICE_IP'
> kid1| aclIpAddrNetworkCompare: compare: [::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00] ([::]) vs 2.2.2.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00]
> kid1| aclIpMatchIp: '[::]' NOT found
> kid1| ACL::ChecklistMatches: result for 'OFFICE_IP' is 0
> kid1| ACLList::matches: result is false
> kid1| aclmatchAclList: 0x7ffff504abc0 returning false (AND list entry failed to match)
Received on Wed Jun 08 2011 - 17:01:46 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 09 2011 - 12:00:01 MDT