[squid-users] how to put the destination ip to an external acl helper ?
Alex Rousskov
rousskov at measurement-factory.com
Wed Jul 20 13:10:56 UTC 2022
On 7/19/22 08:05, Dieter Bloms wrote:
> Hello,
>
> I wrote a little external acl helper and want squid to put the
> destination fqdn _and_ the destination ip to it.
>
> I found the parameter %DST and this is filled with the destination fqdn.
>
> Is there also a parameter for the destination ip squid want's to connect to ?
To answer your exact question, no, there is not. Until Squid actually
starts connecting to a cache_peer or origin server, it does not know the
destination IP(s). Those addresses become known only in the process of
finding the right destination(s), resolving their names, determining
whether to use IPv4 or IPv6, and establishing (or reusing) a TCP
connection to the chosen IP address. Until then, %<a is not available.
I am not sure what the first squid.conf directive (with slow ACLs
support) "guaranteed" to have filled %<a is. There is probably one
before http_reply_access, but the exact directive depends on your
configuration/environment.
Most likely, we should add configuration directive(s) (with slow ACLs
support) that are applied soon after the IP address becomes known. One
of them could be used, for example, to reject chosen destination IP
addresses before Squid starts using them.
HTH,
Alex.
More information about the squid-users
mailing list