On 08/06/17 22:41, Christos Tsantilas wrote:
This ACL is essential in several use cases, including:

* After fetching a missing intermediate certificate, Squid uses the regular cache (and regular caching rules) to store the response. Squid deployments that do not want to cache regular traffic need to cache fetched certificates and only them.

  acl fetched_certificate transaction_initiator certificate-fetching
  cache allow fetched_certificate
  cache deny all

* Many traffic policies and tools assume the existence of an HTTP client behind every transaction. Internal Squid requests violate that assumption. Identifying internal requests protects external ACLs, log analysers, and other mechanisms from the transactions they mishandle.

  acl skip_logging transaction_initiator internal
  access_log ... !skip_logging


The new transaction_initiator ACL classifies transactions based on their initiator. Currently supported initiators are esi, certificate-fetching, cache-digest, internal, client, and all. In the future, the same ACL will be able to identify HTTP/2 push transactions using the "server" initiator. See src/cf.data.pre for details.

This is a Measurement Factory project.

+1, though could you please separate the redesign of the urlParse*() API from the ACL addition? They are changes that can be done in either order and are not interdependent. In fact, the urlParse change is almost identical to one of the steps already taken in the class URI refactoring branch years back and long overdue for merging.

Amos

_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
