[squid-users] What happens when duplicate external_acl_type are mentioned

Alex Rousskov rousskov at measurement-factory.com
Sun Dec 2 04:03:29 UTC 2018

On 12/1/18 3:11 AM, Amos Jeffries wrote:
> On 1/12/18 6:32 pm, Amish wrote:
>> Effectively squid.conf now has two external_acl_type lines with same
>> name. (ipuser)
>> First one has %ul and other one does not.
>> From my tests - first one gets the priority and second one is ignored by
>> squid.

>> 1) Can I assume this to be always true?

> Now that you have found the lack of error message on startup one will be
> added.

I agree that adding an ERROR message is the right first step.

> It has not been a serious problem,

We cannot know that. It is quite likely that this has been a serious
problem for somebody that we did not hear from (or do not remember
hearing from). It may even be a serious problem right now for somebody
who does not know it yet!

To reduce long-term headaches, I think we should be strict and deprecate
(and then prohibit) ignoring duplicated external_acl_type declarations.

I do not see any good reasons for ignoring this configuration error
forever. FWIW, the use case discussed in this thread is not a good
reason IMO because Squid configuration in question can and should be
easily generated (probably from a stable template) to correctly
accommodate the needs of the current authentication method.



More information about the squid-users mailing list