[squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

Alex Rousskov rousskov at measurement-factory.com
Mon Sep 26 18:08:44 UTC 2016 

On 09/26/2016 11:32 AM, Yuri Voinov wrote:
> 26.09.2016 23:16, Alex Rousskov пишет:
>> On 09/26/2016 10:42 AM, Yuri Voinov wrote:
>>> How can I make a chain of adaptation with
>>> different acl's for different chained services?

>> By configuring several chains and then writing adaptation_access rules
>> to select the right chain for a given message.


> Ahaaaaaaaaa. I.e., I can specify chain_A with own access rules and one
> service_A in chain, and then chain_B, also with own access rules and one
> service_B, and, finally, specify chain_C with chain_A+chain_B and with
> access "all". Right?

Whether that is right or wrong depends on the specific ACLs. Also, there
is no need to create single-service chains. If your rulesA are mutually
exclusive with rulesB, then you can use them like this:

  adaptation_access serviceA rulesA
  adaptation_access serviceB rulesB
  adaptation_access chainAB all

However, again, I discourage you from saying "chain_A with own access
rulesA" because access rules do not belong to a chain. Squid evaluates
adaptation_access lines in the squid.conf order. Thus, if rulesA are NOT
mutually exclusive with rulesB, then the following configuration will
have a different effect from the above three lines:

  adaptation_access serviceB rulesB
  adaptation_access serviceA rulesA
  adaptation_access chainAB all

and this configuration does not make any sense at all:

  adaptation_access chainAB all
  adaptation_access serviceA rulesA
  adaptation_access serviceB rulesB


It is better to think like this:

  adaptation_access serviceA rules1
  adaptation_access serviceB rules2
  adaptation_access chainC rules3

serviceA is used when and only when "rules1" matches
serviceB is used when and only when "!rules1 rules2" matches
chainC is used when and only when "!rules1 !rules2 rules3" matches

Each message will be sent to either just serviceA, or just serviceB, or
just ChainC, or no services/chains/sets at all.


HTH,

Alex.

More information about the squid-users mailing list