On 29/12/2011 9:01 p.m., Ming Pun wrote:
> I have the following acl in my squid.conf
>
> external_acl_type acexternal children=50 ttl=60 negative_ttl=1 %>{X-MYAUTH} /usr/local/bin/acexternal localhost
> acl iceauth external acexternal
> http_access allow iceauth
> http_access deny all
>
> question on TTL expiration on the external_acl_type. When a external acl cached_result is expired due to TTL timeout, seems like squid will do a async call to the external acl program, acexternal in this case above, to validate the acl request.
> if the async call acexternal does not return result before the "http_access deny all" is executed, will squid consider it is a 403 situation?
"deny all" will never get tested until after the async lookup has a
result back. http_access is one of the ("slow" type) access controls
which wait for async lookups.
Amos
Received on Thu Dec 29 2011 - 10:48:41 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 30 2011 - 12:00:06 MST