[squid-users] Header Access Problem

Hello all,

it's my first post here - hope i do everything right.

my constellation:

Squid 2.7 Stable 8 and also tried with a 3 Version
OS Windows 2000/XP tried both
My Problem is version and OS independent

my problem:

Try to remove a existing http header from a response fom the Ebay
Server. it's a advertising cookie.

to my understanding the ACL keyword rep_header is used for ACL's

1. Try

add the following (Version 2.7):

acl cebay rep_header Set-Cookie ebay
header_access Set-Cookie deny cebay

the logfile show the following:

2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: match found, returning 1
2012/11/27 16:02:20| aclCheckCallback: answer=1
2012/11/27 16:02:20| The request GET http://www.ebay.de is ALLOWED,
because it matched 'localnet'
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking all
2012/11/27 16:02:20| aclMatchAcl: checking 'acl all src all'
2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: checking 'http_reply_access allow all'
2012/11/27 16:02:20| aclMatchAclList: checking all
2012/11/27 16:02:20| aclMatchAcl: checking 'acl all src all'
2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: match found, returning 1
2012/11/27 16:02:20| aclCheckCallback: answer=1
2012/11/27 16:02:20| The reply for GET http://www.ebay.de/ is ALLOWED,
because it matched 'all'

the acl cebay is checked 5 times, because of the presence of 5
Set-Cookie Header in the reply of the Ebay Server.

but non off this has a match.

The first of the Set-Cookie is always ebay and should give a match.

if i debug the program with Windb i found out, that Sub aclMatchAclList
calls the function aclMatchAcl

then here it return with 0, so checklist->reply seems to be false...

case ACL_REP_HEADER:
        if (!checklist->reply)
            return 0;
        return aclMatchHeader(ae->data, &checklist->reply->header);

dont't understand realy, that reply is empty - because it sees the
header also (5 times Set-Cookie)

am i wrong or is ther a bug.

in Squid 3 the following error is showed: "ACL is used but there is no
HTTP reply"

2. Try

added the following:

acl cebay rep_header Set-Cookie ebay
http_reply_access deny cebay

this work like i expected - get a access deny becaus of the existence of
the Set-Cookie ebay=....

when i change the acl to:
acl cebay rep_header Set-Cookie nonsession
or
acl cebay rep_header Set-Cookie dp1

access isn't denied although there is a Set-Cookie nonsession=... or
Set-Cookie dp1=...

seem like it just checks the first presence of the Set-Cookie Header Value.

Shouldn't it look for all headers?

Would appricate any help for a solution for my wish to remove a existing
Set-Cookie response.

Andreas
Received on Tue Nov 27 2012 - 15:44:13 MST