[squid-users] reply_header to block downloads

Alex Rousskov rousskov at measurement-factory.com
Thu Nov 19 15:04:11 UTC 2020


On 11/18/20 3:20 PM, robert k Wild wrote:

> can i use the acl "reply_header_access" to block downloads, like i have
> done with the " rep_mime_type " or is this not what its meant for

Roughly speaking, ACL is a boolean function -- something that gives
Squid a yes/no answer to an ACL-specific question. A typical ACL can be
used in many contexts, for many purposes. By itself, an ACL does not
block or allow anything. Unfortunately, folks sometimes misuse the term
"ACL" to mean "an ACL-driven directive".

* rep_mime_type is an ACL. The question this particular ACL answers is
"Does the response have the specified Content-Type header field value?"

* reply_header_access is not an ACL. It is an ACL-driven directive (i.e.
a directive that accepts ACLs as configuration parameters). This
particular directive does not block any responses. Instead, it prevents
individual response header fields from being delivered by Squid to HTTP
clients. It does not affect responses received by Squid -- beyond
sending bytes to clients, Squid does not see the effects of this
directive when processing the response. For example, Squid code
responsible for storing responses in the cache is executed before this
directive is applied.


HTH,

Alex.


More information about the squid-users mailing list