Dear all,
I got some debug information from cache.log, and I found a strange behavior
in its logs. According to logs, it looks opposite behavior after comparing a
rule.
#my configureation
adaptation_access svcBlocker deny eicar
adaptation_access svcBlocker deny trend
Go to www.trendmicro.com
2008/08/14 10:58:14.062| Adaptation::AccessCheck has 2 rules
2008/08/14 10:58:14.062| ACLChecklist::preCheck: 0xdedb028 checking
'adaptation_access svcBlocker deny eicar'
2008/08/14 10:58:14.062| ACLList::matches: checking eicar
2008/08/14 10:58:14.062| ACL::checklistMatches: checking 'eicar'
2008/08/14 10:58:14.062| aclRegexData::match: checking
'http://www.trendmicro.co.jp/download/test-virus.asp'
2008/08/14 10:58:14.062| aclRegexData::match: looking for
'http://www.eicar.org/'
2008/08/14 10:58:14.062| ACL::ChecklistMatches: result for 'eicar' is 0
2008/08/14 10:58:14.062| ACLList::matches: result is false
2008/08/14 10:58:14.062| aclmatchAclList: 0xdedb028 returning false (AND
list entry failed to match)
2008/08/14 10:58:14.062| aclmatchAclList: async=0 nodeMatched=0
async_in_progress=0 lastACLResult() = 0 finished() = 0
2008/08/14 10:58:14.062| ACLChecklist::check: 0xdedb028 NO match found,
returning 1
2008/08/14 10:58:14.062| ACLChecklist::checkCallback: 0xdedb028 answer=1
***** No more check for the rest of rules even though the match was false.
Go to www.eicar.com
2008/08/14 11:03:33.038| ACLList::matches: checking eicar
2008/08/14 11:03:33.038| ACL::checklistMatches: checking 'eicar'
2008/08/14 11:03:33.038| aclRegexData::match: checking
'http://www.eicar.org/anti_virus_test_file.htm'
2008/08/14 11:03:33.038| aclRegexData::match: looking for
'http://www.eicar.org/'
2008/08/14 11:03:33.038| aclRegexData::match: match 'http://www.eicar.org/'
found in 'http://www.eicar.org/anti_virus_test_file.htm'
2008/08/14 11:03:33.038| ACL::ChecklistMatches: result for 'eicar' is 1
2008/08/14 11:03:33.038| ACLList::matches: result is true
***** Going on checking for the rest of rules even though the match was
true.
2008/08/14 11:03:33.038| ACLChecklist::preCheck: 0xc172160 checking
'adaptation_access svcBlocker deny trend'
2008/08/14 11:03:33.038| ACLList::matches: checking trend
2008/08/14 11:03:33.038| ACL::checklistMatches: checking 'trend'
2008/08/14 11:03:33.038| aclRegexData::match: checking
'http://www.eicar.org/anti_virus_test_file.htm'
2008/08/14 11:03:33.038| aclRegexData::match: looking for
'http://www.trendmicro.co.jp/'
2008/08/14 11:03:33.038| ACL::ChecklistMatches: result for 'trend' is 0
2008/08/14 11:03:33.038| ACLList::matches: result is false
2008/08/14 11:03:33.038| aclmatchAclList: 0xc172160 returning false (AND
list entry failed to match)
2008/08/14 11:03:33.038| aclmatchAclList: async=0 nodeMatched=0
async_in_progress=0 lastACLResult() = 0 finished() = 0
2008/08/14 11:03:33.038| ACLChecklist::check: 0xc172160 NO match found,
returning 1
Best Regards,
Seiji Kobayashi
-----Original Message-----
From: S.KOBAYASHI [mailto:kobayashi_at_e-trees.jp]
Sent: Thursday, August 14, 2008 9:19 AM
To: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Can't controle adaptation_access properly in
ICAP.
Could anyone ask something please?
I have a bit information for this case.
When I configure only one ACL at the adaptation_access, it worked fine.
As bellow, Squid's icap client didn't activate for only eicar ACL and
another ACL was activated.
# This is OK.
adaptation_access svcBlocker deny eicar
#adaptation_access svcBlocker deny trend --->commented
I think that this problem emerges, when two more adaptation_access is used
for a service_set.
Best Regards,
Seiji Kobayashi
-----Original Message-----
From: S.KOBAYASHI [mailto:kobayashi_at_e-trees.jp]
Sent: Tuesday, August 12, 2008 5:21 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Can't controle adaptation_access properly in ICAP.
Dear developer,
I'm using the squid-3.HEAD-20080811, and trying to activate icap connections
properly as I expected.
It means to activate icap or not by using adaptation_access with ACL.
However, adaptation_access didn't seem worked properly.
I configured ICAP settings as below.
acl eicar url_regex http://www.eicar.org/ acl trend url_regex
http://www.trendmicro.co.jp/
icap_service service_1 respmod_precache 0
icap://192.168.10.231:1344/interscan
icap_service service_2 respmod_precache 0
icap://192.168.10.232:1344/interscan
adaptation_service_set svcBlocker service_1 service_2
adaptation_access svcBlocker deny eicar
adaptation_access svcBlocker deny trend
#adaptation_access svcBlocker allow all --> commented
In this case, squid did activate both eicar and trend, and then connected to
the ICAP server.
I'm wondering, if adaptation_access has a lack of software, or my
configuration is something wrong?
Best Regards,
Seiji Kobayashi
Received on Thu Aug 14 2008 - 02:49:13 MDT
This archive was generated by hypermail 2.2.0 : Thu Aug 14 2008 - 12:00:03 MDT