Re: [squid-users] Lack of understanding ? from Dmitry S. Makovey on 2006-04-03 (squid-users)

From: Dmitry S. Makovey <dmitry@dont-contact.us>
Date: Mon, 03 Apr 2006 14:21:49 -0600

On Monday 03 April 2006 11:54, Henrik Nordstrom wrote:
> mån 2006-04-03 klockan 09:08 -0600 skrev Dmitry S. Makovey:
> > Yes - it's a restrictive reverse proxy, or gateway if you wish -
> > Machines are not allowed to do outbound connections themselves
> > and all the outbound traffic is being filtered based on network
> > machine belongs to and other criteria. Posted ruleset was just a
> > beginning of what I intend to do but even as "simple" as it is it
> > didn't work.
>
> The reason why I ask is because http_reply_access is "post mortem"
> access controls, meant to complement your http_access rules with
> additional rules which can only be resolved when the request has
> been forwarded and the reply is coming back. Prime example is
> checking the response mime type.

that is exactly what I'm trying to do: I need to check if incoming
filetype is XML and only XML is being passed back to client.

> To get to http_reply_access you must first pass http_access.

I think I resolved this one... at least log file reports this as being
passed.

But now I've got completely new problem: Squid seems to be falling
into some loop with output like:

2006/04/03 13:50:59| aclMatchAclList: checking from_clients
2006/04/03 13:50:59| aclMatchAcl: checking 'acl from_clients src
192.168.1.0/255.255.255.0'
2006/04/03 13:50:59| aclMatchIp: '192.168.1.6' found
2006/04/03 13:50:59| aclMatchAclList: returning 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: (nil)
2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1
2006/04/03 13:50:59| aclCheckFast: list: 0x9acd910

and from one request it generates about 200M worth of logs! 8-O

I can re-post my squid.conf if that helps.

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245

application/pgp-signature attachment: stored

Received on Mon Apr 03 2006 - 14:22:04 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT