RE: [squid-users] Why doesn't REQUEST_HEADER_ACCESS work properly with aclnames?

From: Jenny Lee <bodycare_5_at_live.com>
Date: Thu, 28 Apr 2011 19:25:27 +0000

> > It seems to me that ACL SRC is NEVER checked when going to a Peer.
> >
> > WHAT I WANT TO DO:
> > acl OFFICE src 1.1.1.1
> > request_header_access User-Agent allow OFFICE
> > request_header_access User-Agent deny all
> > request-header_replace User-Agent BOGUS AGENT
> >
> >
> > [OFFICE UA should not be modified whehter going direct or through a peer]
> >
> > Thanks,
> >
> > Jenny
> >
> > PS: Running 3.2.0.7 on production and works good and reliably. The UA issue above is present on both 3.2.0.1 and 3.2.0.7.
>
>
> Okay, this is going to need a cache.log trace for "debug_options 28,9"
> to see what is being tested where.
 
 
No difference whatever is done. PEER1, !PEER1, !PEER2... No peer... Seperate lines...
 
SRC IP is never available, so it always fails. PEER is available though, I can make it work with using just PEER1. Going direct works also as expected.
 
Thanks.
 
Jenny
 
 
kid1| ACLChecklist::preCheck: 0x7ffff504abc0 checking 'request_header_access User-Agent allow OFFICE_IP !PEER1'
kid1| ACLList::matches: checking OFFICE_IP
kid1| ACL::checklistMatches: checking 'OFFICE_IP'
kid1| aclIpAddrNetworkCompare: compare: [::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00] ([::]) vs 2.2.2.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00]
kid1| aclIpMatchIp: '[::]' NOT found
kid1| ACL::ChecklistMatches: result for 'OFFICE_IP' is 0
kid1| ACLList::matches: result is false
kid1| aclmatchAclList: 0x7ffff504abc0 returning false (AND list entry failed to match)
Received on Thu Apr 28 2011 - 19:25:34 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 29 2011 - 12:00:05 MDT