[squid-users] Possible to user reply_header_add directive with acl random access list ?

Amos Jeffries squid3 at treenet.co.nz
Wed Jul 17 11:42:25 UTC 2019


On 17/07/19 9:41 pm, --Ahmad-- wrote:
> Hi Alex, 
> acl half10000 random 1/10
> acl half10001 random 1/9
> acl half10002 random 1/8
> acl half10003 random 1/7
> acl half10004 random 1/6
> acl half10005 random 1/5
> acl half10006 random 1/4
> acl half10007 random 1/3
> acl half10008 random 1/2
> acl half10009 random 1/1
> ########################################
> reply_header_add start "A" half10000
> reply_header_add start "B" half10001
> reply_header_add start "C" half10002
> reply_header_add start "D" half10003
> reply_header_add start "E" half10004
> reply_header_add start "F" half10005
> reply_header_add start "G" half10006
> reply_header_add start "H" half10007
> reply_header_add start "I" half10008
> reply_header_add start "J" half10009
> ##############################
> tcp_outgoing_address 12.13.100.1 half10000
> tcp_outgoing_address 12.13.100.2 half10001
> tcp_outgoing_address 12.13.100.3 half10002
> tcp_outgoing_address 12.13.100.4 half10003
> tcp_outgoing_address 12.13.100.5 half10004
> tcp_outgoing_address 12.13.100.6 half10005
> tcp_outgoing_address 12.13.100.7 half10006
> tcp_outgoing_address 12.13.100.8 half10007
> tcp_outgoing_address 12.13.100.9 half10008
> tcp_outgoing_address 12.13.100.10 half10009
> 
> 
> 
>  curl -x 12.13.100.250:2000    -U hi:hi  ifconfig.io  -v
> 
> * Rebuilt URL to: ifconfig.io/
> *   Trying 12.13.100.250...
> * TCP_NODELAY set
> * Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
> * Proxy auth using Basic with user 'hi'
>> GET http://ifconfig.io/ HTTP/1.1
>> Host: ifconfig.io
>> Proxy-Authorization: Basic YmVuOmJlbg==
>> User-Agent: curl/7.54.0
>> Accept: */*
>> Proxy-Connection: Keep-Alive
>>
> < HTTP/1.1 200 OK
> < Date: Wed, 17 Jul 2019 09:34:57 GMT
> < Content-Type: text/plain; charset=utf-8
> < Content-Length: 40
> < Connection: keep-alive
> < start: G
> < start: F
> < start: E
> < start: E
> < 
> 12.13.100.2 
> * Connection #0 to host 12.13.100.250 left intact
> 

That reply does look strange. "E" should only occur once, and "J" is
missing.


> 
> another Hit :
> 
> 
>  curl -x 12.13.100.250:2000    -U hi:hi  ifconfig.io  -v
> 
> * Rebuilt URL to: ifconfig.io/
> *   Trying 12.13.100.250...
> * TCP_NODELAY set
> * Connected to 12.13.100.250 (12.13.100.250) port 2000 (#0)
> * Proxy auth using Basic with user 'hi'
>> GET http://ifconfig.io/ HTTP/1.1
>> Host: ifconfig.io
>> Proxy-Authorization: Basic YmVuOmJlbg==
>> User-Agent: curl/7.54.0
>> Accept: */*
>> Proxy-Connection: Keep-Alive
>>
> < HTTP/1.1 200 OK
> < Date: Wed, 17 Jul 2019 09:34:57 GMT
> < Content-Type: text/plain; charset=utf-8
> < Content-Length: 40
> < Connection: keep-alive
> < start: F
> < start: A
> < start: J
> < start: I
> < 
> 12.13.100.6
> 
> 
> 
> so as you see above , i have multiple replied headers not single one .
> and the replied header even are wrong .
> so wrong multiple results i do recieve .
> 

reply_header_add does not stop with the first matching line like
http_access. Each is checked to see if that value is to be added.

So naturally each letter has a random chance of being added.

In other words;
 You have configured Squid to add the header "start" between 0 and 10
times, with a selection of letters.


The tcp_outgoing_address check for which IP address to use is
independent of what headers are added. That directive *does* stop on
first matching line.


> 
> my questions is :
> 
> 1- why mutiple replies do we recieve not single reply ?

What do you mean by "multiple replies" ?


> 2- why the recieved replies are wrong , i expect single reply based on my random acls we setup . ?
> 

Every time a "random" type ACL is tested a new random number is selected
and checked against the match:non-match ratio you configure.



> do we need other stuff with random acl to have it work with header directive ?
> 

The ACL works as designed. You appear to have missed the fact that each
check/test of the ACL uses a different randomly selected number.


Amos


More information about the squid-users mailing list