[squid-users] Display eCAP meta-information on Squid error-page

Alex Rousskov rousskov at measurement-factory.com
Tue Jun 5 15:19:51 UTC 2018

On 06/05/2018 03:27 AM, chgerber wrote:
> "It is best to use %note logformat %code for logging annotations. 
> The %adapt::<last_h code is meant for adaptation services debugging (and 
> to work around the current ICAP code lack of support for annotations)." 

> How exactly can I use %note to log the same information to access.log? For
> example assume I use "%{my-ecap-header}adapt::<last_h" how can I log the
> same using %note as you suggested? 

  logformat myLog ... adapter-decision=%{my-ecap-header}note ...
  access_log ... myLog ...

Newer Squids may also support a more natural %note{my-ecap-header}
syntax. Use that if you can.

> Can I apply ACL's to annotations served by eCAP adapters.

Yes, of course. The note ACL does not know where the annotation came
from. Just make sure that you are using the directives that are checked
after Squid receives transaction annotations from your eCAP adapter.

For example, using http_access will not work in most cases because
(SslBump exceptions aside) that directive is only checked before Squid
talks to eCAP adapter(s). However, there is adapted_http_access that is
checked after request adaptations.

> Say when
> %{my-ecap-header}adapt::<last_h or the same solution with %note respectively
> (see first part of post) returns "bad" I want squid to deny the access and
> grant access when it returns "good"?

This sketch is a possible starting point:

  acl badRequest note my-ecap-header bad
  adapted_http_access deny badRequest
  adapted_http_access allow all

The exact correct configuration would depend on the specifics of your
use case. For example, the above allows unrated requests, but you may
want to block (some of) them.



More information about the squid-users mailing list