[squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

Yuri Voinov yvoinov at gmail.com
Mon Sep 26 18:20:53 UTC 2016



27.09.2016 0:08, Alex Rousskov wrote:
> On 09/26/2016 11:32 AM, Yuri Voinov wrote:
>> 26.09.2016 23:16, Alex Rousskov wrote:
>>> On 09/26/2016 10:42 AM, Yuri Voinov wrote:
>>>> How can I make a chain of adaptation with
>>>> different acl's for different chained services?
>
>>> By configuring several chains and then writing adaptation_access rules
>>> to select the right chain for a given message.
>
>
>> Ahaaaaaaaaa. I.e., I can specify chain_A with own access rules and one
>> service_A in chain, and then chain_B, also with own access rules and one
>> service_B, and, finally, specify chain_C with chain_A+chain_B and with
>> access "all". Right?
>
> Whether that is right or wrong depends on the specific ACLs. Also, there
> is no need to create single-service chains. If your rulesA are mutually
> exclusive with rulesB, then you can use them like this:
>
>   adaptation_access serviceA rulesA
>   adaptation_access serviceB rulesB
>   adaptation_access chainAB all
>
> However, again, I discourage you from saying "chain_A with own access
> rulesA" because access rules do not belong to a chain. Squid evaluates
> adaptation_access lines in the squid.conf order. Thus, if rulesA are NOT
> mutually exclusive with rulesB, then the following configuration will
> have a different effect from the above three lines:
>
>   adaptation_access serviceB rulesB
>   adaptation_access serviceA rulesA
>   adaptation_access chainAB all
>
> and this configuration does not make any sense at all:
>
>   adaptation_access chainAB all
>   adaptation_access serviceA rulesA
>   adaptation_access serviceB rulesB
>
>
> It is better to think like this:
>
>   adaptation_access serviceA rules1
>   adaptation_access serviceB rules2
>   adaptation_access chainC rules3
>
> serviceA is used when and only when "rules1" matches
> serviceB is used when and only when "!rules1 rules2" matches
> chainC is used when and only when "!rules1 !rules2 rules3" matches
>
> Each message will be sent to either just serviceA, or just serviceB, or
> just ChainC, or no services/chains/sets at all.
Ahaaaaaaaa, yes. Understood.

It is now clear. I rewrote the access rules and now adaptation works in
the chain with the right logic. Thank you for your explanations and your time!
>
>
>
> HTH,
>
> Alex.
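
The first-match selection described in this thread, as an added example (not code from the thread or from Squid). It is a simplified Python model that assumes every line is an implicit allow, as in the shorthand above; the function names and the ACL match sets are constructed for illustration.

```python
# Simplified model of how adaptation_access lines pick ONE target per message.
# Assumption: each line is an implicit "allow", as in the thread's shorthand;
# real squid.conf lines also carry an allow/deny keyword.

def parse_rules(lines):
    """Return [(target, [acl, ...]), ...] preserving squid.conf order."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "adaptation_access":
            rules.append((parts[1], parts[2:]))
    return rules

def acl_matches(acl, matched):
    """'all' always matches; '!name' negates; otherwise look the name up."""
    if acl == "all":
        return True
    if acl.startswith("!"):
        return acl[1:] not in matched
    return acl in matched

def select_target(rules, matched):
    """The first line whose ACLs all match wins; later lines are not consulted."""
    for target, acls in rules:
        if all(acl_matches(a, matched) for a in acls):
            return target
    return None  # no service/chain/set is applied to this message

def unreachable_targets(rules):
    """Targets listed after an unconditional 'all' line can never be selected."""
    for i, (_, acls) in enumerate(rules):
        if acls == ["all"]:
            return [t for t, _ in rules[i + 1:]]
    return []

A = "adaptation_access serviceA rulesA"
B = "adaptation_access serviceB rulesB"
C = "adaptation_access chainAB all"
ORDERINGS = {"A,B,chain": [A, B, C], "B,A,chain": [B, A, C], "chain,A,B": [C, A, B]}

if __name__ == "__main__":
    both = {"rulesA", "rulesB"}  # constructed: a message matching both ACLs
    for name, lines in ORDERINGS.items():
        rules = parse_rules(lines)
        print(name, "->", select_target(rules, both),
              "| unreachable:", unreachable_targets(rules))
```

Running it shows that a message matching both rulesA and rulesB goes to a different single target in each ordering, and that with the chain line first the two service lines are dead configuration.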
