On 29/12/2011 9:01 p.m., Ming Pun wrote:
I have the following acl in my squid.confexternal_acl_type acexternal children=50 ttl=60 negative_ttl=1 %>{X-MYAUTH} /usr/local/bin/acexternal localhost acl iceauth external acexternal http_access allow iceauth http_access deny all question on TTL expiration on the external_acl_type. When a external acl cached_result is expired due to TTL timeout, seems like squid will do a async call to the external acl program, acexternal in this case above, to validate the acl request. if the async call acexternal does not return result before the "http_access deny all" is executed, will squid consider it is a 403 situation?
"deny all" will never get tested until after the async lookup has a result back. http_access is one of the ("slow" type) access controls which wait for async lookups.
Amos
