Re: [squid-users] request_header_replace and acl

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 25 Jan 2012 00:01:12 +1300

On 24/01/2012 11:08 p.m., FredB wrote:
> Hi,
>
> I'm searching for a good method for using request_header_replace with acl (dst)
>
> acl test dst 10.1.1.0/24
> request_header_access Via allow test
> request_header_access Via deny all
> request_header_replace Via 1.1 toto
>
> Sadly my header always contains toto

request_header_access is a fast ACL so it can't do DNS lookups to find
the dst IP address itself.
It also only has access to details in the HTTP request headers and src
IP address.

Using dstdomain ACL on the requested domain name it should work.

NP: using the server connection details should be technically possible
at that point however. Please file an enhancement bug request
(preferably with patch) if it is important.

PS. I really, really hope Via is not the header you are actually
forging. It is depended on by servers and clients to be an accurate
representation of the protocol feature support along the transfer path
and a list of servers to test when things go wrong.
  You set Via: by configuring the machine running Squid to have a valid
hostname with DNS and rDNS entries. Or with visible_hostname in
squid.conf if you can't be bothered setting up the server with proper
DNS records.

Amos
Received on Tue Jan 24 2012 - 11:01:19 MST
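
The change suggested in the reply, written out as an added example (not part of the original thread): the poster's rules with the `dst` ACL swapped for `dstdomain`, which matches on the hostname in the request URL. The domain `.example.internal` and the hostname `proxy1.example.net` are constructed placeholders.

```conf
# Original ACL from the question: dst needs the destination IP address,
# which a fast ACL check cannot look up, so the allow rule does not apply.
# acl test dst 10.1.1.0/24

# dstdomain is matched against the hostname in the request URL.
# ".example.internal" is a placeholder; the leading dot also matches subdomains.
acl test dstdomain .example.internal

# Via passes through unchanged for requests to the matched domain...
request_header_access Via allow test
# ...and is denied for everything else, so the replacement value is sent instead.
request_header_access Via deny all
request_header_replace Via 1.1 toto

# Alternative noted in the reply: leave Via alone and set the name Squid
# reports through the machine's hostname, or with visible_hostname.
# visible_hostname proxy1.example.net
```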
