Re: Re: [squid-users] acl rep_header SomeRule X-HEADER-ADDED-BY-ICAP
On 01/-10/-28163 12:59 PM, Chris Robertson wrote: Considering the fact that icap_access relies on ACLs, my guess would be ICAP is adding the headers after the rep_header ACL is evaluated. Is this possible with ICAP + Squid, or is it a bug, or just not possible? Run two Squid instances. One using ICAP to add the headers, the other blocking based on headers present. Chris I am guessing then that there is no clean way of adding such functionality. So, can you please tell me what configuration option I would use to tell the acl acting Squid to talk to the upstream ICAP acting Squid? Thank you, Trever -- Avert misunderstanding by calm, poise, and balance. -- Unknown signature.asc Description: OpenPGP digital signature
Re: [squid-users] acl rep_header SomeRule X-HEADER-ADDED-BY-ICAP
Trever L. Adams wrote: On 01/-10/-28163 12:59 PM, Chris Robertson wrote: Considering the fact that icap_access relies on ACLs, my guess would be ICAP is adding the headers after the rep_header ACL is evaluated. Is this possible with ICAP + Squid, or is it a bug, or just not possible? Run two Squid instances. One using ICAP to add the headers, the other blocking based on headers present. Chris I am guessing then that there is no clean way of adding such functionality. I'm (at best) a scripter, not a coder, so I can't answer that. I know in the 2.7 branch of Squid there is http_access2 (http://www.squid-cache.org/Doc/config/http_access2/) which acts on the post url_rewrite_program, so perhaps it would be possible to have a acl2 which would work after ICAP. To the best of my knowledge, nothing like this exists right now. So, can you please tell me what configuration option I would use to tell the acl acting Squid to talk to the upstream ICAP acting Squid? http://www.squid-cache.org/Doc/config/cache_peer/ http://wiki.squid-cache.org/Features/CacheHierarchy Thank you, Trever Chris
[squid-users] acl rep_header SomeRule X-HEADER-ADDED-BY-ICAP
I seem to be having trouble with acl rep_header trying to match against an X-Header added by ICAP from the squid server in question. acl TextAdultContent rep_header X-TEXT-CATEGORYadult.* acl TextConfidenceSolid rep_header X-TEXT-CATEGORY-CONFIDENCE SOLID acl TextConfidenceAmbiguous rep_header X-TEXT-CATEGORY-CONFIDENCE AMBIGUOUS http_access deny TextAdultContent TextConfidenceSolid I do not get any errors on loading, but it doesn't deny the connection. I do see the X-Headers in question in Firefox + FireBug so I know the correct ones are set. Is this possible with ICAP + Squid, or is it a bug, or just not possible? Thank you, Trever Adams -- Better to remain silent and be thought a fool than to speak out and remove all doubt. -- A. Lincoln signature.asc Description: OpenPGP digital signature
Re: [squid-users] acl rep_header SomeRule X-HEADER-ADDED-BY-ICAP
Trever L. Adams wrote: I seem to be having trouble with acl rep_header trying to match against an X-Header added by ICAP from the squid server in question. acl TextAdultContent rep_header X-TEXT-CATEGORYadult.* acl TextConfidenceSolid rep_header X-TEXT-CATEGORY-CONFIDENCE SOLID acl TextConfidenceAmbiguous rep_header X-TEXT-CATEGORY-CONFIDENCE AMBIGUOUS http_access deny TextAdultContent TextConfidenceSolid I do not get any errors on loading, but it doesn't deny the connection. I do see the X-Headers in question in Firefox + FireBug so I know the correct ones are set. Considering the fact that icap_access relies on ACLs, my guess would be ICAP is adding the headers after the rep_header ACL is evaluated. Is this possible with ICAP + Squid, or is it a bug, or just not possible? Run two Squid instances. One using ICAP to add the headers, the other blocking based on headers present. Thank you, Trever Adams Chris
