[squid-users] Possible to user reply_header_add directive with acl random access list ?

--Ahmad-- ahmed.zaeem at netstream.ps
Thu Jul 18 22:15:24 UTC 2019 

Ok , here we Go :

###########################################
dns_nameservers 1.0.0.1
acl markProcessed annotate_client processed=yes
acl markedProcessed note processed yes
#########################################
acl half10000 random 1/5
acl half10001 random 1/4
acl half10002 random 1/3
acl half10003 random 1/2
acl half10004 random 1/1
########################################
reply_header_add start "a" !markedProcessed half10000 markProcessed
reply_header_add start "B" !markedProcessed half10001 markProcessed
reply_header_add start "C" !markedProcessed half10002 markProcessed
reply_header_add start "D" !markedProcessed half10003 markProcessed
reply_header_add start "E" !markedProcessed half10004 markProcessed
#####################################################################
tcp_outgoing_address 12.13.200.10 half10000
tcp_outgoing_address 12.13.200.11 half10001
tcp_outgoing_address 12.13.200.12 half10002
tcp_outgoing_address 12.13.200.13 half10003
tcp_outgoing_address 12.13.200.14 half10004
#####################################################################






Curl Testing :


root:~ user$ curl -x 12.13.200.250:2000    -U testx:testx  ifconfig.io  -v
* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.200.250...
* TCP_NODELAY set
* Connected to 12.13.200.250 (12.13.200.250) port 2000 (#0)
* Proxy auth using Basic with user 'testx'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Thu, 18 Jul 2019 22:04:11 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: E
< 
12.13.200.12
* Connection #0 to host 12.13.200.250 left intact




root:~ user$ curl -x 12.13.200.250:2000    -U testx:testx  ifconfig.io  -v
* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.200.250...
* TCP_NODELAY set
* Connected to 12.13.200.250 (12.13.200.250) port 2000 (#0)
* Proxy auth using Basic with user 'testx'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Thu, 18 Jul 2019 22:04:12 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 40
< Connection: keep-alive
< start: B
< 
12.13.200.13
* Connection #0 to host 12.13.200.250 left intact




root:~ user$ curl -x 12.13.200.250:2000    -U testx:testx  ifconfig.io  -v
* Rebuilt URL to: ifconfig.io/
*   Trying 12.13.200.250...
* TCP_NODELAY set
* Connected to 12.13.200.250 (12.13.200.250) port 2000 (#0)
* Proxy auth using Basic with user 'testx'
> GET http://ifconfig.io/ HTTP/1.1
> Host: ifconfig.io
> Proxy-Authorization: Basic YmVuOmJlbg==
> User-Agent: curl/7.54.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Thu, 18 Jul 2019 22:04:13 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 38
< Connection: keep-alive
< start: a
< 
12.13.200.14
* Connection #0 to host 12.13.200.250 left intact
root:~ user$ 




Look @ results above i made 3 tests .


12.13.200.13 --> B
12.13.200.14 --> a
12.13.200.12 ---> E

And those are wrong ….


above are wrong reply values , the correct should be as below based on the Acls we configured .



 12.13.200.13 --->D
 12.13.200.12 ---->C
 12.13.200.14  ---->E


i hope its clear now :)

Thanks and looking forward to hear from you .





> On 18 Jul 2019, at 23:08, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 7/18/19 3:48 PM, --Ahmad-- wrote:
>> Any recommendation alex ?
> 
> I recommend isolating the problem to the minimum number of transactions
> (probably one or two in your case) and then posting your Squid
> configuration, actual transaction headers, and an explanation why those
> actual headers are wrong (and what headers you expected to see).
> 
> Alex.
> 
> 
>>> On 17 Jul 2019, at 18:36, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>> 
>>> On 7/17/19 10:40 AM, --Ahmad-- wrote:
>>> 
>>>> 2019/07/17 09:21:42| FATAL: Invalid ACL type ‘annotate_client'
>>> 
>>>> do i need to recompile squid to enable this kind of ACLS ?
>>> 
>>> These ACLs are only supported in the development version of Squid
>>> (future v5): https://github.com/squid-cache/squid/commit/63e82d8
>>> 
>>> Alex.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190719/87a8c9f8/attachment.html>

More information about the squid-users mailing list