Re: Squid 2.6.STABLE12 and ICAP
Hi, I've used : cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/squid co - ricap-2_6 -d squid-2_6 squid Is it the best way to get a stable and recent version of squid icap? Thanks Regards, Ghislain Le 4 mai 07 à 13:13, Henrik Nordstrom a écrit : fre 2007-05-04 klockan 11:27 +0200 skrev Ghislain: Hi everyone, there is a compilation error on a squid 2.6.STABLE12 with the client ICAP. There is no maintained ICAP patch for Squid-2.6.STABLE. If you want Squid-2 with ICAP then please get Squid-2.HEAD and the ICAP patch from devel.squid-cache.org. But I would recommend you to try out Squid-3 ICAP instead. Get a nightly Squid-3 snapshot, and the Squid-3 ICAP patch from devel.squid- cache.org (the patch fixes a few problems with Squid-3). Regards Henrik
Squid 2.6.STABLE12 and ICAP
Hi everyone, there is a compilation error on a squid 2.6.STABLE12 with the client ICAP. In http.c at line 1144 i have: httpState-entry = storeCreateEntry(fake, fake_flags, fake_method); but httpState-entry = storeCreateEntry(fake, fake, fake_flags, fake_method); is ok for the compilation. In icap_reqmod.c at line 270 I have : method = urlParseMethod(mstr, strlen(mstr)); but urlParseMethod has change : method = urlParseMethod(mstr); In the same file at line 690 I have: RequestMethods[icap-request-method].str, but RequestMethodStr[icap-request-method], seems to be the new call requiered. I'm not really sure with these modifications ( I've made a very quick test in reqmod and squid crashes with a null pointer in a call to xstrdup... I'm not really sure about this. ). Ghislain
Squid 3.0 and logformat
Re Hi Yesterday I've forgotten to talk about logformat in squid 3.0, I have a problem with the key %{X-Provider}h in the tag logformat. With a squid 2.6, there is no problem. Any requirement? Thanks Regards, Ghislain
Re: Squid response modification
Balu a écrit : Hello All, What you are saying make sense. i am more intrested in client side squid. That is instead of using ICAP server to handle for REQMOD, We can modify squid HTTP response to add value added service like banner add..etc. Could you explain more? I understand the functionality of ICAP server, What I am thinking is rather then making squid as ICAP client, i am planning to modify the HTTP response in the squid itself before returning data to the client(browser), is that the right way do it ..? Please let me know your suggetions and pros and cons of modifying the http response in squid? I don't really know the best way but you can do something like DansGuardian ie act as a proxy. If you want to modify http response start with http.c in function httpReadReply(int fd, void *data). If it is the right way? I let developpers answer. Regards. Ghislain
Re: Squid response modification
Balu a écrit : Hello All, What you are saying make sense. i am more intrested in client side squid. That is instead of using ICAP server to handle for REQMOD, We can modify squid HTTP response to add value added service like banner add..etc. Could you explain more? ICAP not only use to set banners in a web page. This protocol is used for content modification in general ( url filtering, content filtering, virus scanning... ). If we want to do what part of squid code we need modify..? what is your suggestion/idea on this. Which verison of squid?
aclNBCheck and callback
Hi, in squid 2.5 stable 12, when aclNBCheck is called, the callback is called even if no acl has matched. Is there a tip to know in the callback if an acl has matched or not? ( Without adding a value in allow_t ) Thanks. Ghislain Garçon.
Re: aclNBCheck and callback
Henrik Nordstrom a écrit : aclNBCheck is a complete access list check, i.e. checking the whole http_access ruleset, not just a single acl element list. If your rule set is not a simple allow/deny type ruleset but you need to know which rule (not acl) was matched then this needs to be redesigned somewhat. What is it you need to match and have as result? This is to add external acl support in icap_access. As the ICAP acls depend on a class, the icapAclChecklistCreate function creates as aclCheck_t with only one acl in order to find the class associated with the acl ( i think ). Then aclNBCheck is called with this aclCheck_t ( which contains only one acl ), then i need to know in the callback if the request matches with the current acl (and setting http-request-class value) or if the other acl must be checked. Another solution would be to change aclCheck_t structure ( in order to add the icap class for each acl) and rewriting the icapAclChecklistCreate function. Which solution is the best? Thanks. Ghislain Garçon.
Question about suid's default behaviour.
Hello, I've tested squid 2.5-12 without http_acces acl and all pages are blocked. Then I created two deny http_access acls which don't match with my http requests and all pages are unfiltered. For me it is strange. I've looked in source code and found : debug(28, 3) (aclCheck: NO match found, returning %d\n, allow != ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED); aclCheckCallback(checklist, allow != ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED); at the end of aclCheck(aclCheck_t * checklist) in file acl.c. Is this swap really needed for something else? In fact I try to add external acl support in icap patch. The acl structures are not exactly the same in Icap and in squid, then I have to call aclNBCheck with only one acl. Then I had aclCheck: NO match found, returning 1 as a result of aclCheck. Ghislain Garçon
SUID-ICAP and External ACLs
Hello, I have looked for a patch in order to support external acls in icap_access rules in squid 2.5. I didn't find anything, I would like to make one. Could any one give me help about external acls and why icap_access doesn't support external acls? Thanks. Ghislain Garçon