[squid-dev] [PATCH] transaction_initiator ACL for detecting various unusual transactions
Christos Tsantilas
christos at chtsanti.net
Thu Jun 8 10:41:12 UTC 2017
This ACL is essential in several use cases, including:

* After fetching a missing intermediate certificate, Squid uses the
  regular cache (and regular caching rules) to store the response. Squid
  deployments that do not want to cache regular traffic need to cache
  fetched certificates and only them.

    acl fetched_certificate transaction_initiator certificate-fetching
    cache allow fetched_certificate
    cache deny all

* Many traffic policies and tools assume the existence of an HTTP client
  behind every transaction. Internal Squid requests violate that
  assumption. Identifying internal requests protects external ACLs, log
  analysers, and other mechanisms from the transactions they mishandle.

    acl skip_logging transaction_initiator internal
    access_log ... !skip_logging

The new transaction_initiator ACL classifies transactions based on their
initiator. Currently supported initiators are esi, certificate-fetching,
cache-digest, internal, client, and all. In the future, the same ACL
will be able to identify HTTP/2 push transactions using the "server"
initiator. See src/cf.data.pre for details.

This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-263-ACL-for-Caching-of-Fetched-Certificates-t6.patch
Type: text/x-patch
Size: 122153 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170608/e164acf4/attachment-0001.bin>