[squid-dev] [RFC] ICAP external acl services

Eliezer Croitoru eliezer at ngtech.co.il
Sun Jun 19 18:53:02 UTC 2016


Hey,

Alex mentioned long ago the idea/option to add an ICAP service as an
external_acl helper.

I want to highlight my understanding of a couple of things about the subject.

Currently external_acl helpers are required to "decide" on an action based
only on a couple of basic parts of the request.

It's not bad or wrong but ICAP can extend Squid helpers' assistance.

It can extend the decision to the brief request and response details.

Alex mentioned at the time that ICAP services implement ACLs but in a form
which the interface maybe was not designed for.

I think that the ICAP services interface usage might be used a bit "off" to
what it was designed for but it seems OK to me for many cases.

Also any ICAP implementation requires a deeper understanding of HTTP in
general which has its own pros and cons.

The main benefit of an ICAP service as I see it is that it's not bound to
Squid or C++ compared to eCAP.
Means I like ICAP better and maybe since I have better luck with it.

And to the actual implementation idea:

There are a couple of options on how an ICAP service should respond.

I think that "OK" or "ERR" are good but a "DUNNO", i.e. use default action,
could be used.

I hope that you have comments to write about the subject.

Will it be good to add ICAP based external acl interfaces?

Maybe it's too complex?

Are there any benefits to external_acl helpers over ICAP services?

Thanks,

Eliezer

----

Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> 
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



 
