[squid-dev] Drop cache_object protocol support
Alex Rousskov
rousskov at measurement-factory.com
Tue Jan 24 19:23:21 UTC 2023
On 1/24/23 12:22, Eduard Bagdasaryan wrote:
> Today we can query cache manager in two ways:
>
> 1. with cache_object:// URL scheme
> 2. with an HTTP request having the 'squid-internal-mgr' path prefix.
>
> I guess that when (2) was initially added at e37bd29, its implementation
> was somewhat incomplete compared to the old cache_object scheme (e.g.,
> it lacked authentication) and both methods existed. Since then, however,
> (2) has been improved and it should be equivalent to (1) by now. If so,
> can we completely remove the non-standard cache_object scheme support
> from Squid? This would simplify request forwarding logic, including code
> paths where the existing code complexity may result in vulnerability
> issues.
FWIW, I am not aware of any good reason to keep supporting the
"cache_object" URI scheme.
MgrFieldChars() already calls that scheme deprecated. That special (and
undocumented?) scheme did cause significant problems in the past. I am
sure it will continue to cause problems if not removed. Removing it will
simplify code in several tricky places. There will be some upgrade pains
for admins, but we will be better off without cache_object long-term IMO.
Needless to say, squidclient and cachemgr.cgi implementations would need
to be adjusted to use HTTP URLs instead, but I hope those adjustments
are straightforward.
HTH,
Alex.
More information about the squid-dev
mailing list