[squid-users] How to use http_status acl?

Alex Rousskov rousskov at measurement-factory.com
Wed Nov 6 18:24:08 UTC 2019


On 11/6/19 1:03 PM, Felipe Arturo Polanco wrote:
> 4.7 from this branch:
> https://github.com/measurement-factory/squid/tree/SQUID-323-WebSocket-support  

It looks like you are hitting a bug that has not been fixed yet:
reply_header_add/httpHdrAdd() does not supply essential transaction info
to ACL checks. There has been significant progress in fixing similar
bugs recently, but this one was somehow missed AFAICT.

Alex.


> On Wed, Nov 6, 2019 at 12:47 PM Alex Rousskov wrote:
> 
>     On 11/6/19 8:49 AM, Felipe Arturo Polanco wrote:
>     > I have this warning in the logs:
>     >
>     > WARNING: 307_redirect ACL is used in context without an HTTP response.
>     > Assuming mismatch.
>     > Acl.cc(151) matches: checked: 307_redirect = 0
>     >
>     > I also tested using rep_header ACL and that causes the same warning
>     > and defaulting to 0.
>     >
>     > Do I need anything else to make reply access lists work?
> 
>     What is your Squid version?
> 
>     Alex.
> 
> 
>     > On Tue, Nov 5, 2019 at 6:01 PM Alex Rousskov wrote:
>     >
>     >     On 11/5/19 4:23 PM, Felipe Arturo Polanco wrote:
>     >     > I tried 200 status code from the
>     >     > webserver directly and doesn't work either.
>     >
>     >     Sounds like a Squid bug to me then. If you can reproduce with
>     >     Squid v4 or later, please consider filing a bug report in Squid
>     >     bugzilla. Quality fixes welcomed.
>     >
>     >     Alex.
>     >
>     >
>     >     > On Tue, Nov 5, 2019 at 4:43 PM Alex Rousskov wrote:
>     >     >
>     >     >     On 11/5/19 3:06 PM, Felipe Arturo Polanco wrote:
>     >     >
>     >     >     > I have been trying to match http_status acl in my
>     >     >     > squid.conf file but it has no effect.
>     >     >     >
>     >     >     > My goal is to add a given header to specific HTTP
>     >     >     > return codes.
>     >     >     >
>     >     >     > eg:
>     >     >     > This works:
>     >     >     > acl user1 src 192.168.0.6/32
>     >     >     > reply_header_add Cache-Control "no-store" user1
>     >     >     >
>     >     >     > This doesn't work:
>     >     >     > acl 307_redirect http_status 307
>     >     >     > reply_header_add Cache-Control "no-store" 307_redirect
>     >     >     >
>     >     >     > Any ideas on what I could be missing here?
>     >     >
>     >     >     Does that 307 response come from a server (including
>     >     >     cache_peers) or is it generated by Squid itself?
>     >     >
>     >     >     Alex.
>     >
> 
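
An added example, not part of the original thread and not Squid project code: a small audit script that lists reply_header_add rules gated on the response-dependent ACL types discussed above (http_status, rep_header) and extracts the ACL names from the "used in context without an HTTP response" warning, so an operator can see which header rules are being treated as a mismatch. The function names are hypothetical, and the warning is assumed to appear on a single cache.log line.

```python
import re
import shlex

# ACL types named in this thread that need an HTTP response to evaluate.
RESPONSE_ACL_TYPES = {"http_status", "rep_header"}
# Warning text as quoted in the thread; assumed to be on one cache.log line.
WARNING_RE = re.compile(
    r"WARNING: (\S+) ACL is used in context without an HTTP response")

def _tokens(line):
    """Split one squid.conf line, honouring quotes and '#' comments."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: fall back to a plain split
        return line.split("#", 1)[0].split()

def response_acls(conf_text):
    """Map ACL name -> type for ACLs that depend on the HTTP response."""
    acls = {}
    for line in conf_text.splitlines():
        tok = _tokens(line)
        if len(tok) >= 3 and tok[0] == "acl" and tok[2] in RESPONSE_ACL_TYPES:
            acls[tok[1]] = tok[2]
    return acls

def at_risk_rules(conf_text):
    """(line_no, header, acl, type) for reply_header_add rules gated on them."""
    acls = response_acls(conf_text)
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        tok = _tokens(line)
        if len(tok) > 3 and tok[0] == "reply_header_add":
            for name in (t.lstrip("!") for t in tok[3:]):  # '!acl' negation
                if name in acls:
                    hits.append((no, tok[1], name, acls[name]))
    return hits

def warned_acls(log_text):
    """ACL names Squid reported as checked without an HTTP response."""
    return set(WARNING_RE.findall(log_text))

# Constructed samples (thread's config lines and warning; made-up log prefix).
SAMPLE_CONF = """acl user1 src 192.168.0.6/32
reply_header_add Cache-Control "no-store" user1
acl 307_redirect http_status 307
reply_header_add Cache-Control "no-store" 307_redirect
"""
SAMPLE_LOG = ("2019/11/06 12:00:00 kid1| WARNING: 307_redirect ACL is used in "
              "context without an HTTP response. Assuming mismatch.\n")
print(at_risk_rules(SAMPLE_CONF), warned_acls(SAMPLE_LOG))
```

An ACL that appears in both results is one whose reply_header_add rule is configured but not taking effect on the running build.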


