[squid-users] acls with the same name, last wins
Alex Rousskov
rousskov at measurement-factory.com
Mon Jan 2 05:40:00 UTC 2017
On 12/29/2016 10:44 PM, Amos Jeffries wrote:
> The intended design for ACLs is that basic/primitive tests check one
> piece of state data and get chained explicitly in the access lines for
> AND/OR conditions. That way it is clear what is being processed and
> matched (or not matched).
The intended design is to OR same-name ACL lines, just like Ivan
expected. We cannot wiggle ourselves out of that fundamental rule by
pointing to those squid.conf directives that support similar ORing
logic. The behavior reported by Ivan is probably just an unintentional
consequence of header ACL _implementation_ rather than a conscious
design error.
FWIW, IMHO, effectively ignoring some ACLs is a serious bug!
> So for now I am making Squid produce a config ERROR when this config
> situation is found.
Thank you. A non-fatal ERROR is the right temporary "change" until this
bug is properly fixed.
Alex.
More information about the squid-users
mailing list