[squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?
Alex Rousskov
rousskov at measurement-factory.com
Mon Sep 26 16:25:07 UTC 2016
On 09/26/2016 09:44 AM, Yuri Voinov wrote:
> I have to adaptation service A, which has the access list "All".
>
> And B adaptation service that has access list "only text types".
> I want to chain both services in adaptation_service_chain with next logic:
> In this scheme, service A must adapt all content and pass positive
> (adapted) results to service B, which must filter and adapt only text
> types from incoming transaction, and pass another unchanged.
The last part does not make sense to me: Why send non-text messages to
service B that does not want them? I assume you meant that Squid should
not send service B non-text messages at all.
> Question: Does this scheme of adaptation possible?
Yes, there are several ways to accomplish this.
1. Static decision using ACLs:
adaptation_service_chain vegetarianChain serviceA serviceB
acl messageIsText ...
adaptation_access vegetarianChain messageIsText
adaptation_access serviceA all
2. Dynamic decision inside ServiceA:
Modify ServiceA to emit an appropriate ICAP X-Next-Services header
[for text messages]. Do not forget to configure ServiceA with
routing=on! Search for X-Next-Services in squid.conf.documented.
> If yes - how it can be done, given the fact that the service A can block
> access to content and has an inside access control from a subset of
> "All", and the service B has an outside access control list (squid's
> driven)?
You can generalize the above solutions to virtually any combination of
access lists. Just do not think in terms of access control lists for
individual services. Think of access control lists for chains (a
single-service chain is just a corner case which you can optimize by
replacing the chain with the service as shown in #1 above).
HTH,
Alex.
More information about the squid-users
mailing list