On Wed, 21 Apr 2004 [EMAIL PROTECTED] wrote: > It seems like the problem only occurs in conjunction with the > http_reply_access. > > Any ideas? (My current workaround is a script that reads the admins group > from the LDAP-directory and writes the members into a file. Told squid to > read the "admins" acl from the file instead of the LDAP-directory. That > basically works but is not really elegant )
http_reply_access is somewhat limited in Squid-2.5 in that it cannot wait for any form of external lookup to complete (external, dns etc). You can work around this quite well (but not 100%) by making sure the same acls is evaluated in http_access, allowing Squid to cache the result before processing your http_reply_access rules. A simple method to have acls evaluated in http_access without affecting the http_access outcome is to use combine them with a dummy acl that will never match anything acl nothing src 0.0.0.0/32 http_access deny acl_that_needs_to_be_evaluated nothing somewhere before where access is allowed.. Regards Henrik
