[squid-dev] [PATCH] Fix 'miss_access' and 'cache' checks when no ACL rules matched
Amos Jeffries
squid3 at treenet.co.nz
Fri May 12 14:32:53 UTC 2017
On 13/05/17 01:12, Eduard Bagdasaryan wrote:
>
> On 12.05.2017 07:54, Amos Jeffries wrote:
>> The other access lists which obviously treat non-allowed as denied
>> are very recent additions. So using them as a template to re-write
>> existing and widely used directives behaviour is not great.
>
> Frankly speaking, the "cache" directive behavior changed rather
> recently (r14984), as I noted above. Can we say that it became
> 'widely' used
> since then? On the contrary, I suspect that this change broke (or
> eventually
> will break) some existing installations.
That r14984 was itself carefully designed to _revert_ unintentional side
effects hostVerify had on cache directive behaviour. Your patch is
reverting those DUNNO occurances back to the code which had many, many
complaints.
> I so, the only "miss_access" directive check change may
> break some installations. Should we make an exception for this single
> directive or formalize the rules, making them identical for all
> directives?
> Probably the latter would be better for long term. We can postpone
> this change
> of course, adding a warning message for admin, that
> 'dunno' or 'auth required' outcomes will be denied in future releases.
>
For cache there is the deprecation I mentioned.
For miss_access there is
<http://bugs.squid-cache.org/show_bug.cgi?id=528>, Squid-2 miss_access
is a slow/async lookup.
Amos
More information about the squid-dev
mailing list