[squid-users] rep_header not working

Amos Jeffries squid3 at treenet.co.nz
Tue Jul 19 07:26:07 UTC 2016


On 19/07/2016 5:48 p.m., Omid Kosari wrote:
> Amos Jeffries wrote
>> On 19/07/2016 2:42 a.m., Omid Kosari wrote:
>>> Hello,
>>>
>>> It seems rep_header does not work at all.
>>>
>>> acl mshit rep_header X-SHMSCDN .
>>> acl mshit rep_header Content-Type -i text\/html
>>> acl html rep_header Content-Type -i ^text\/html
>>> acl apache rep_header Server ^Apache
>>> debug_options 28,3
>>>
>>
>> If thats all you put in the config, theres nothing telling Squid when to
>> use the ACL.
>>
>> PS. the other thread where you posted better details of the problem and
>> config has already been answered, so I wont repeat the details here.
>>
> 
> I thought acl should match even if nothing to do with it . ok .
> 
> now
> #acl mshit rep_header X-SHMSCDN HIT
> #acl mshit rep_header X-SHMSCDN .
> acl mshit rep_header X-Shmscdn -i HIT
> acl testip src 192.168.1.10
> http_access deny testip mshit
> 
> Maybe the problem is  "any of the known reply headers" as Eliezer mentioned
> in other thread . If so what is the meaning of  known (please refer me to
> source file in squid to not ask more questions about it :) ) ? Also is there
> a way to work with unknown headers ?
> 

The rep_header ACL code is at [1] which indicates the match()'ing
function is the generic HTTP headers matching function from [2], applied
to the HTTP reply object headers.

[1]
<http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpRepHeader.cc>

[2]
<http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpRepHeader.cc>

I see in [2] that both registered header ID (aka "known headers") and
by-name (custom header lookup) are tested. So your ACL should be
locating the custom header *if* it exists in the relevant reply headers.

That 'if' is important, the HTTP state is not always what one thinks it
is. As demonstrated by the *real* traffic flow in my first reply to the
"Wrong req_header result in cache_peer_access when using ssl_bump" thread.

Amos



More information about the squid-users mailing list