[squid-dev] Fix external_acl problems
Christos Tsantilas
christos at chtsanti.net
Thu Jan 28 19:12:44 UTC 2016
Please ignore this thread it is duplicated mail.
On 01/28/2016 09:10 PM, Christos Tsantilas wrote:
> Hi all,
>
> After the patch r14351 created the following problems:
> - external_acl requires AccessLogEntry but ALE is not available
> in many cases such as ssl_bump ACLs.
> - The %<cert_subject stopped working because it was supported by
> external_acl code and not by logformat code.
>
> This patch:
> - Passes AccessLogEntry in most cases.
> For example, PeerConnector-related classes are now covered.
> - Implements the %<cert_subject formating code for logformat.
>
>
> Still there are cases which are not handled correctly:
> - In the case of transparent SSL bumping, the patch uses a local
> AccessLogEntry to allow external_acl work with the ssl_bump access list.
>
> - The slow acls inside Ssl::PeerConnector can not support external_acl
> in the case of PeerPoolMgr
>
> - Most of the fast acls does not support ALE based acls. I know that
> currently the only ALE based acl is the external_acl, which is slow acl,
> but my opinion is that it is not bad idea to support cases the
> external_acl result is stored in cache.
>
> - Also we need to check and review if the informations passed with
> the ALE is the same passed using the FilledChecklist object. This is not
> obvious.
>
>
> This is a Measurement Factory project.
>
More information about the squid-dev
mailing list