[squid-users] Introducing delay to HTTP 407 responses

squid-users at filter.luko.org
Tue Oct 4 23:04:32 UTC 2016


> > I set this up as you suggested, then triggered a 407 response from the
> > cache.  It seems that way; I couldn't see aclMatchHTTPStatus or
> > http-response-407 in the log:
> >
> 
> Strange. I was sure Alex did some tests recently and proved that even
> internally generated responses get http_reply_access applied to them.
> Yet no sign of that in your log.
> 
> Is this a very old Squid version?

It's a recent Squid version - 3.5.20 on CentOS 6, built from the SRPM kindly provided by Eliezer.

> Or are the "checking http_reply_access" lines just later in the log than
> your snippet covered?

There was nothing more in the log previously posted at the point the 407 response was returned to the client.

That log did have a lot of other stuff in it though.  Using a much simpler squid.conf (attached), I tested for differences in authenticated vs unauthenticated requests, when "http_reply_access deny all" is in place.  When credentials are supplied, an HTTP/403 (forbidden) response is provided, as you would expect.  But when credentials are not supplied, an HTTP/407 response is provided.  The divergence seems to start around line 31 in cache_noauth.log:

Checklist.cc(63) markFinished: 0x331e4a8 answer AUTH_REQUIRED for AuthenticateAcl exception

Perhaps when answer=AUTH_REQUIRED (line 35), http_reply_access is not checked?  Another difference is that Acl.cc(158) reports async when an authenticated request is in place, but not otherwise.  If someone could give me some pointers where to look in the source, I can start digging to see if I can find out more.

Luke

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cache_auth.log
Type: application/octet-stream
Size: 7534 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161005/90c8d36c/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cache_noauth.log
Type: application/octet-stream
Size: 4933 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161005/90c8d36c/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.conf
Type: application/octet-stream
Size: 1039 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161005/90c8d36c/attachment-0005.obj>
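
An added example, not part of the original post or of Squid itself: a small script that automates the comparison described above by normalising two cache.log debug traces, reporting the first line where they diverge, and noting whether http_reply_access was checked. The log lines are constructed samples modelled on the lines quoted in the post (the attachments were scrubbed), and the assumed cache.log prefix layout is "date time kidN| section,level|".

```python
import re

# Constructed sample lines modelled on the debug lines quoted in the post;
# they are NOT the contents of the scrubbed attachments.
AUTH_LOG = """\
2016/10/04 22:58:01.101 kid1| 28,5| Acl.cc(138) matches: checking http_access
2016/10/04 22:58:01.102 kid1| 28,3| Checklist.cc(63) markFinished: 0x2f0a1b8 answer ALLOWED for match
2016/10/04 22:58:01.150 kid1| 28,5| Acl.cc(138) matches: checking http_reply_access
2016/10/04 22:58:01.151 kid1| 28,3| Checklist.cc(63) markFinished: 0x2f0c4d0 answer DENIED for match
"""
NOAUTH_LOG = """\
2016/10/04 22:59:12.310 kid1| 28,5| Acl.cc(138) matches: checking http_access
2016/10/04 22:59:12.311 kid1| 28,3| Checklist.cc(63) markFinished: 0x331e4a8 answer AUTH_REQUIRED for AuthenticateAcl exception
"""

# Assumed prefix: timestamp, optional kidN, optional "section,level|".
PREFIX = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?(?: kid\d+)?\|\s*(?:\d+,\d+\|\s*)?")
POINTER = re.compile(r"0x[0-9a-fA-F]+")
ANSWER = re.compile(r"markFinished: \S+ answer (\w+)")

def normalise(text):
    """Drop timestamp/kid/section prefixes and mask pointers so runs compare."""
    return [POINTER.sub("0xPTR", PREFIX.sub("", line)).strip()
            for line in text.splitlines() if line.strip()]

def first_divergence(log_a, log_b):
    """Return (1-based line number, line_a, line_b) where the runs differ."""
    a, b = normalise(log_a), normalise(log_b)
    for i in range(max(len(a), len(b))):
        xa = a[i] if i < len(a) else None   # None: this run ended earlier
        xb = b[i] if i < len(b) else None
        if xa != xb:
            return i + 1, xa, xb
    return None

def summarise(text):
    """List ACL checklist answers and whether http_reply_access was evaluated."""
    lines = normalise(text)
    return {
        "answers": [m.group(1) for m in map(ANSWER.search, lines) if m],
        "reply_access_checked": any(
            "checking http_reply_access" in line for line in lines),
    }

if __name__ == "__main__":
    print("first divergence:", first_divergence(AUTH_LOG, NOAUTH_LOG))
    for name, log in (("auth", AUTH_LOG), ("noauth", NOAUTH_LOG)):
        print(name, summarise(log))
```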

