[squid-users] squid 5.1: external_acl_type: Get public remote address
David Touzeau
david at articatech.com
Thu Sep 16 19:53:39 UTC 2021
Thanks, i will try in this way
Le 16/09/2021 à 21:03, Alex Rousskov a écrit :
> On 9/16/21 2:52 PM, David Touzeau wrote:
>
>> It is true that it would be possible to use an external_acl in the
>> http_reply_access.
>>
>> Do you think that adding it in this position I would be able to use
>> squid's resolution results ?
> Yes, bugs notwithstanding, an external ACL evaluated at
> http_reply_access time should have access to %<a.
>
> HTH,
>
> Alex.
>
>
>> Le 16/09/2021 à 19:43, Alex Rousskov a écrit :
>>> On 9/16/21 1:30 PM, David Touzeau wrote:
>>>
>>>> I'm turning to create a DNS resolution dev and I'm giving up looking
>>>> retreive this information through Squid.
>>> Please note that if you do your own DNS resolution, then Squid DNS
>>> resolution results will probably mismatch your results in some cases.
>>> There have been many complaints about associated problems from folks
>>> that went this route...
>>>
>>> I am not sure what you are trying to do with that a %<a-based external
>>> ACL in Squid, so it is difficult to narrow down the solution search
>>> scope, but Squid does support slow ACLs in certain directives used when
>>> talking to origin servers or peers (after built-in DNS resolution and
>>> destination selection) so perhaps there is a way to do what you want
>>> without Squid modifications.
>>>
>>> If there is not, it would not be difficult to add a post-resolution
>>> directive that supports slow ACLs IMO, but, again, that requires more
>>> knowledge of the use case -- there are several places where such a
>>> directive can be added.
>>>
>>>
>>> Cheers,
>>>
>>> Alex.
>>>
>>>
>>>
>>>> Le 16/09/2021 à 19:13, Amos Jeffries a écrit :
>>>>> On 17/09/21 2:42 am, David Touzeau wrote:
>>>>>> Thanks Amos for quick answer.
>>>>>>
>>>>>> Can you take away any hope of a workaround with Squid ?
>>>>>>
>>>>>> This makes me plan having to develop a function that has to perform
>>>>>> DNS resolution inside the helper with the performance consequences
>>>>>> that this will impose.
>>>>>>
>>>>> I would be looking at a design where a helper classifies requests and
>>>>> using that later on when the server is known to match up the IP vs the
>>>>> classification. I'm struggling to think of a flow that works
>>>>> efficiently though.
>>>>>
>>>>> Amos
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210916/823c06e4/attachment.htm>
More information about the squid-users
mailing list