Alex Rousskov wrote: > On Thu, 2007-03-22 at 16:26 +0100, Kinkie wrote: > >> In this regard I see the ICAP server not to be any different from a >> proxy server, of which it is simply an extension. > > Whether the trust boundary includes both the proxy and the ICAP server > depends on the setup. Being an "extension" is not always the same as > being a "trusted extension". And there may be several trust categories > involved. >
Moreover we must not be absolutely sure that the icap servers will always be located at the same site as the proxy. Maybe in the future some icap-services will be public available for use by everyone...... > P.S. Still, "sending all the information that the proxy server has to > the ICAP server" is similar to sending all that information to another > proxy server: Sometimes it is appropriate, sometimes it is not. The > patch, however, does not affect what information is sent to the ICAP > server. The ICAP rfc something says about hop-by-hop headers. Now squid always forwards the Proxy-Authorization header for example to the icap server ... Regards, Christos