[squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?
Yuri Voinov
yvoinov at gmail.com
Mon Sep 26 18:20:53 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
27.09.2016 0:08, Alex Rousskov пишет:
> On 09/26/2016 11:32 AM, Yuri Voinov wrote:
>> 26.09.2016 23:16, Alex Rousskov пишет:
>>> On 09/26/2016 10:42 AM, Yuri Voinov wrote:
>>>> How can I make a chain of adaptation with
>>>> different acl's for different chained services?
>
>>> By configuring several chains and then writing adaptation_access rules
>>> to select the right chain for a given message.
>
>
>> Ahaaaaaaaaa. I.e., I can specify chain_A with own access rules and one
>> service_A in chain, and then chain_B, also with own access rules and one
>> service_B, and, finally, specify chain_C with chain_A+chain_B and with
>> access "all". Right?
>
> Whether that is right or wrong depends on the specific ACLs. Also, there
> is no need to create single-service chains. If your rulesA are mutually
> exclusive with rulesB, then you can use them like this:
>
> adaptation_access serviceA rulesA
> adaptation_access serviceB rulesB
> adaptation_access chainAB all
>
> However, again, I discourage you from saying "chain_A with own access
> rulesA" because access rules do not belong to a chain. Squid evaluates
> adaptation_access lines in the squid.conf order. Thus, if rulesA are NOT
> mutually exclusive with rulesB, then the following configuration will
> have a different effect from the above three lines:
>
> adaptation_access serviceB rulesB
> adaptation_access serviceA rulesA
> adaptation_access chainAB all
>
> and this configuration does not make any sense at all:
>
> adaptation_access chainAB all
> adaptation_access serviceA rulesA
> adaptation_access serviceB rulesB
>
>
> It is better to think like this:
>
> adaptation_access serviceA rules1
> adaptation_access serviceB rules2
> adaptation_access chainC rules3
>
> serviceA is used when and only when "rules1" matches
> serviceB is used when and only when "!rules1 rules2" matches
> chainC is used when and only when "!rules1 !rules2 rules3" matches
>
> Each message will be sent to either just serviceA, or just serviceB, or
> just ChainC, or no services/chains/sets at all.
Ahaaaaaaaa, yes. Understand.
It is now clear. I rewrote the access rules and now adaptation works in
the chain at the right logic. Thank you for your explanations and your time!
>
>
>
> HTH,
>
> Alex.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJX6WcFAAoJENNXIZxhPexGWfEIAL8e3Al3C2lAxoKC8qCByzch
iKqBwOUbQBBoiQDsrKG0qgF4B+VMpalnO7OvtNOw/P9zcVAU27kzh643H3ynJCHY
gxEtrc2wjJjM1OlIEg0qR8cs4chC+bQ9eaySJtArAFnWktS6hm7VjebgivZq5IMT
eCz9EFizwVLld04QLKbOAX5cL2z8+ScumKPYH9ygEhllnNAdtg+9r3GwFJoOGPyM
JebsZjUTX56SrGZyEro89T2acGWC4rwJ1+oBwcMtp+rD5RUjAUStG/4teAdPopIA
R6v2hBHQSSsyttpaP9QL55JmhQmeV21FCAvyuU58pVv05UDVh4iROcWY43XY4IE=
=++B5
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160927/68df9247/attachment.key>
More information about the squid-users
mailing list