On 4/02/2017 8:27 a.m., Christos Tsantilas wrote: > ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an > http_access deny rule match. > > The old code allowed ssl_bump step1 rules to be evaluated in the > presence of an error. An ssl_bump splicing decision would then trigger > the useless "send the error to the client now" processing logic instead > of going down the "to serve an error, bump the client first" path. > > Furthermore, the ssl_bump evaluation result itself could be surprising > to the admin because ssl_bump (and most other) rules are not meant to be > evaluated for a transaction in an error state. This complicated triage. > > Also polished an important comment to clarify that we want to bump on > error if (and only if) the SslBump feature is applicable to the failed > transaction (i.e., if the ssl_bump rules would have been evaluated if > there were no prior errors). The old comment could have been > misinterpreted that ssl_bump rules must be evaluated to allow an > "ssl_bump splice" match to hide the error. > > This is a Measurement Factory project. >
+1. Please apply. Amos _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev