Alex Rousskov wrote:
> On Thu, 2007-03-22 at 16:26 +0100, Kinkie wrote:
>
>> In this regard I see the ICAP server not to be any different from a
>> proxy server, of which it is simply an extension.
>
> Whether the trust boundary includes both the proxy and the ICAP server
> depends on the setup. Being an "extension" is not always the same as
> being a "trusted extension". And there may be several trust categories
> involved.
>
Moreover we must not be absolutely sure that the icap servers will
always be located at the same site as the proxy. Maybe in the future
some icap-services will be public available for use by everyone......
> P.S. Still, "sending all the information that the proxy server has to
> the ICAP server" is similar to sending all that information to another
> proxy server: Sometimes it is appropriate, sometimes it is not. The
> patch, however, does not affect what information is sent to the ICAP
> server.
The ICAP rfc something says about hop-by-hop headers. Now squid always
forwards the Proxy-Authorization header for example to the icap server ...
Regards,
Christos
