RE: [squid-users] ICAP and "selecting" corresponding adaption_access for response via ACL based on the original destination domain

Thanks - that is what I have feared...

I have tried with a header set via icap, and I can confirm it is possible to filter on the response this way - finally I can move forward!

As you have mentioned, adding the acls based on unmodified requests would be helpful...

As for notes/annotations - the man pages do not mention any of this at least in "acl" (http://www.squid-cache.org/Doc/config/acl/). Also there would be the need to allow to set/modify those notes from the config (similar to request_header_access/rewrite)

Thanks,
                Martin

-----Original Message-----
From: Alex Rousskov [mailto:rousskov_at_measurement-factory.com]
Sent: Freitag, 01. März 2013 00:37
To: Martin Sperl
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] ICAP and "selecting" corresponding adaption_access for response via ACL based on the original destination domain

On 02/28/2013 08:32 AM, Martin Sperl wrote:

> Is there another acltype besides "dstdomain" to match on the
> unmodified dstdomain instead of the icap-request modified dstdomain?

AFAIK, no.

> As a workaround: do I need to set an additional header (via
> header_access/header_replace or similar) and trigger on this acl
> (acl ... req_header <headername>) instead of modify_response_a?

Your ICAP service can add that HTTP request header while rewriting the
request. You may even be able to then filter it out on the way from
Squid using request_header_access, but whether that will delete it from
the request that Squid remembers needs to be checked/tested.

> Other ideas?

What you may want is annotations that can be set by the ICAP service in
ICAP response headers, without modifying the HTTP request header. Those
annotations can then be matched using a "note" ACL. eCAP can do
something like that already, but I think that Squid ICAP code lacks the
necessary glue. Eventually, somebody will probably add it.

If you use external helpers for something, they can add annotations as
well (v3.3?).

Similarly, the "note" option can be enhanced to work before logging.
This way, the annotations can be added in squid.conf directly.

Or one could add an "such and such adaptation service was used" ACL. It
would be handy in several use cases.

There are probably other options as well.

HTH,

Alex.

This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp
Received on Fri Mar 01 2013 - 14:54:13 MST