[squid-users] how to use client_delay_access without a named ACL ?
Amos Jeffries
squid3 at treenet.co.nz
Tue Jul 7 14:10:27 UTC 2015
On 8/07/2015 1:26 a.m., Bodo Teichmann wrote:
> Hi,
> Since using "client_delay_parameters" in the "normal" way, using
> client_delay_access 1 allow <acl>
> is prevented by
> http://bugs.squid-cache.org/show_bug.cgi?id=3696
>
> therefore Amos Jeffries wrote on Apr 02, 2013
>
>> client_delay_access is tested as soon as the TCP SYN packet has been
>> accepted. All Squid has for ACLs to work with at that point is the
>> IP:port of each end of the client TCP connection.
> Which I don't understand
> And he wrote further:
>> client_delay_access can be used with: src, arp, localip / myip,
>> localport / myport.
>> "myportname" ACL should in theory work as well, but looking at the
>> code I see the required details are not yet passed to the ACL code
>> properly so that is broken.
>
> Therefore I tried to use client_delay_access without a named ACL, an using "src" directly, but was not able to find a valid syntax for it.
> e.g. I tried in /etc/squid3/squid.conf (using squid 3.4.8) :
>
> client_delay_access 1 allow src 10.41.1.205/32
>
> but just get an syntax error :
>
> ACL not found: src 10.41.1.205/32
>
> Any idea/example on how to actually use client_delay_access 1 allow ..... ?
Squid always requires ACls to be named.
"myportname" is the *type* of a certain ACL, which is not working.
PS. AFAIK the bug is unrelated to the ACL naming business. It happens
with a plain src type ACL as well. So if you are hitting it at all, you
wont be able to use the feature until its fixed by someone.
Amos
More information about the squid-users
mailing list