[squid-users] rep_header not working

Amos Jeffries squid3 at treenet.co.nz
Tue Jul 19 07:29:35 UTC 2016 

On 19/07/2016 7:26 p.m., Amos Jeffries wrote:
> On 19/07/2016 5:48 p.m., Omid Kosari wrote:
>> Amos Jeffries wrote
>>> On 19/07/2016 2:42 a.m., Omid Kosari wrote:
>>>> Hello,
>>>>
>>>> It seems rep_header does not work at all.
>>>>
>>>> acl mshit rep_header X-SHMSCDN .
>>>> acl mshit rep_header Content-Type -i text\/html
>>>> acl html rep_header Content-Type -i ^text\/html
>>>> acl apache rep_header Server ^Apache
>>>> debug_options 28,3
>>>>
>>>
>>> If thats all you put in the config, theres nothing telling Squid when to
>>> use the ACL.
>>>
>>> PS. the other thread where you posted better details of the problem and
>>> config has already been answered, so I wont repeat the details here.
>>>
>>
>> I thought acl should match even if nothing to do with it . ok .
>>
>> now
>> #acl mshit rep_header X-SHMSCDN HIT
>> #acl mshit rep_header X-SHMSCDN .
>> acl mshit rep_header X-Shmscdn -i HIT
>> acl testip src 192.168.1.10
>> http_access deny testip mshit
>>
>> Maybe the problem is  "any of the known reply headers" as Eliezer mentioned
>> in other thread . If so what is the meaning of  known (please refer me to
>> source file in squid to not ask more questions about it :) ) ? Also is there
>> a way to work with unknown headers ?
>>
> 
> The rep_header ACL code is at [1] which indicates the match()'ing
> function is the generic HTTP headers matching function from [2], applied
> to the HTTP reply object headers.
> 
> [1]
> <http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpRepHeader.cc>
> 

Oops. [2] is
<http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/src/acl/HttpHeaderData.cc>


> I see in [2] that both registered header ID (aka "known headers") and
> by-name (custom header lookup) are tested. So your ACL should be
> locating the custom header *if* it exists in the relevant reply headers.
> 
> That 'if' is important, the HTTP state is not always what one thinks it
> is. As demonstrated by the *real* traffic flow in my first reply to the
> "Wrong req_header result in cache_peer_access when using ssl_bump" thread.
> 

Amos

More information about the squid-users mailing list