[squid-dev] [PATCH] Fix 'miss_access' and 'cache' checks when no ACL rules matched

Amos Jeffries squid3 at treenet.co.nz
Fri May 12 14:32:53 UTC 2017


On 13/05/17 01:12, Eduard Bagdasaryan wrote:
>
> On 12.05.2017 07:54, Amos Jeffries wrote:
>> The other access lists which obviously treat non-allowed as denied 
>> are very recent additions. So using them as a template to re-write 
>> existing and widely used directives behaviour is not great. 
>
> Frankly speaking, the "cache" directive behavior changed rather
> recently (r14984), as I noted above.  Can we say that it became 
> 'widely' used
> since then? On the contrary, I suspect that this change broke (or 
> eventually
> will break) some existing installations.

That r14984 was itself carefully designed to _revert_ unintentional side 
effects hostVerify had on cache directive behaviour. Your patch is 
reverting those DUNNO occurances back to the code which had many, many 
complaints.


> I so, the only "miss_access" directive check change may
> break some installations.  Should we make an exception for this single
> directive or formalize the rules, making them identical for all 
> directives?
> Probably the latter would be better for long term.  We can postpone 
> this change
> of course, adding a warning message for admin, that
> 'dunno' or 'auth required' outcomes will be denied in future releases.
>

For cache there is the deprecation I mentioned.

For miss_access there is 
<http://bugs.squid-cache.org/show_bug.cgi?id=528>, Squid-2 miss_access 
is a slow/async lookup.

Amos



More information about the squid-dev mailing list