[squid-dev] A new 'has' ACL

Eduard Bagdasaryan eduard.bagdasaryan at measurement-factory.com
Sun Apr 30 13:05:47 UTC 2017


Hello,


I am working on a new 'has' ACL:

   acl aclname has <component>

where "component" is one of the following three tokens: request, 
response, or ALE.
For example:

   acl hasRequest has request

Multiple components on one ACL line are not supported because they
would have to be ORed and ORing components would probably go against
admin expectaions in most cases:

   acl hasWhatMyLoggingDaemonNeeds has request response # XXX: Likely to 
be wrong!

Multiple same-name ACL lines would still be ORed to support arguably
rare use cases where ORing is appropriate:

   # OK, this strange logging daemon needs request or response,
   # but can work without either a request or a response:
   acl hasWhatMyLoggingDaemonNeeds has request
   acl hasWhatMyLoggingDaemonNeeds has response

This new ACL addresses a TODO in item #3 of trunk revision 14752,
adding that 'missing' configuration option.

For example, the following configuration:

   acl logMe note important_transaction
   access_log ... logformat=detailed logMe

gives such 'noise' warning messages:

   2017/01/06 12:54:46 kid2| WARNING: logMe ACL is used in context 
without an HTTP request. Assuming mismatch.
   2017/01/06 12:54:46 kid1| WARNING: logMe ACL is used in context 
without an HTTP request. Assuming mismatch.

Once the "has" ACL is available, the admin can do either:

   acl logMe note important_transaction
   access_log ... logformat=detailed hasRequest logMe

   or even

   acl logMe note important_transaction
   access_log ... logformat=detailed hasRequest logMe
   access_log ... logformat=brief !hasRequest logMe

  If you think these specs miss something important, let's discuss.


  Thanks,
  Eduard.



More information about the squid-dev mailing list