[squid-users] How to execute external helpers for each request ?

Alex Rousskov rousskov at measurement-factory.com
Mon Jun 28 19:15:08 UTC 2021


On 6/25/21 8:01 PM, squid3 at treenet.co.nz wrote:
> Also, the foo= annotations are additive by default.

I would like to add words of caution to this email thread: Squid helper
annotation handling depends on Squid version, the helper category, and
the annotation name. Most of this is undocumented. Test well before
deploying!

The overall intent of Squid v4+ code processing custom annotations (i.e.
annotations with names that Squid code does not know about in advance)
is for Squid to replace the old annotation value with the new one.
Documentation[1] says that custom annotation names should end with an
underscore ("_") to avoid clashes with "standard" annotations that
Squid code already knows (or will know) about and, hence, treats (or
will treat) specially.

Based on Amos' summary[2], the values of the following standard
annotations are appended/concatenated/accumulated instead of being replaced:

* Basic: "group", "tag"
* Digest: "group", "tag", "nonce"
* NTLM / Negotiate: "group", "tag"
* external ACL: "group", "tag"
* URL-rewrite: "group", "tag"


Squid v4 (incorrectly) accumulates same-name/different-value
annotations. This problem, reported as bug #4912, was probably fixed in
[3], but

* that fix has not been ported to v4 AFAICT, and
* Squid v5 has Auth::User::absorb() code that can be interpreted as
  accumulating same-name/different-value annotations, so there might be
  more similar bugs in Squid that still need to be discovered and fixed.

[1] https://wiki.squid-cache.org/Features/AddonHelpers
[2] https://github.com/squid-cache/squid/pull/393#issuecomment-491481060
[3] https://github.com/squid-cache/squid/commit/d665de3

Alex.
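
An added example, not part of the original email or of Squid's code: a Python check over captured helper reply lines that sorts annotation names into the classes described above and marks names seen with more than one value, the same-name/different-value case the email warns about. The category keys, the assumed reply syntax (result code followed by name=value pairs, values optionally double-quoted) and the sample replies are constructed for illustration.

```python
import re

# Standard annotations whose values accumulate, per helper category,
# exactly as listed in the email. Category keys are names chosen here.
ACCUMULATED = {
    "basic": {"group", "tag"},
    "digest": {"group", "tag", "nonce"},
    "ntlm_negotiate": {"group", "tag"},
    "external_acl": {"group", "tag"},
    "url_rewrite": {"group", "tag"},
}

# Assumed reply syntax: name=value or name="quoted value with \" escapes".
KV = re.compile(r'([^\s=]+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_reply(line):
    """Return (result_code, [(name, value), ...]) for one helper reply."""
    code, _, rest = line.strip().partition(" ")
    pairs = []
    for m in KV.finditer(rest):
        if m.group(2) is not None:  # quoted value: drop the backslashes
            pairs.append((m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))))
        else:
            pairs.append((m.group(1), m.group(3)))
    return code, pairs

def classify(category, name):
    if name in ACCUMULATED[category]:
        return "accumulates"
    if name.endswith("_"):
        return "custom"      # v4+ intent: new value replaces the old one
    return "unlisted"        # not covered by the email; check before relying on it

def audit(category, replies):
    """Map name -> (class, distinct values, seen with more than one value)."""
    seen = {}
    for line in replies:
        for name, value in parse_reply(line)[1]:
            if value not in seen.setdefault(name, []):
                seen[name].append(value)
    return {n: (classify(category, n), v, len(v) > 1) for n, v in seen.items()}

# Constructed sample: two replies from a hypothetical external ACL helper.
SAMPLE = [
    'OK tag=staff dept_=eng note="first call"',
    'OK tag=vpn dept_=ops note="second \\"call\\""',
]

if __name__ == "__main__":
    for name, (cls, values, multi) in audit("external_acl", SAMPLE).items():
        print(f"{name:6} {cls:11} values={values} multi_value={multi}")
```

Names reported as "custom" with more than one value are the ones to compare against what the deployed Squid version actually logs.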

