Re: [squid-users] External ACL with tcp_outgoing_

From: Henrik Nordstrom <[email protected]>
Date: 08 Sep 2003 18:15:17 +0200

On Mon 2003-09-08 at 17:49, squid-adm@univer.kharkov.ua wrote:

> But I have one more question related to this subject:
> can some requests passed through the ACL ext_acl
> ("http_access deny ext_acl fake_acl") use a different source address
> than x.x.x.x, if the options
> tcp_outgoing_address x.x.x.x ext_acl
> tcp_outgoing_address y.y.y.y
> exist below?

Yes. Occasionally the ext_acl may fail in tcp_outgoing_address. This can
happen if the configured ttl for the acl expires between http_access and
tcp_outgoing_address. This applies to all types of ACLs requiring
external lookups of some kind (i.e. external or dns based ACLs).

Another case where this will happen but more consistently (i.e. all the
time) is if the acl requires information not available to
tcp_outgoing_address. In such a case the ext_acl will never give correct
results in tcp_outgoing_address even if also evaluated in http_access.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Mon Sep 08 2003 - 10:15:35 MDT
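
The two failure cases described in the reply above, as an added example that is not part of the original post and is not Squid code. It is a simplified model: the class, the function names, the helper and the timings are constructed, and it assumes that tcp_outgoing_address can only use an already cached ext_acl answer while http_access can wait for the helper.

```python
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class ExternalAcl:
    """Simplified model of an external ACL result cache (not Squid source)."""
    ttl: float                       # seconds a helper answer stays valid
    helper: Callable[[str], bool]    # stands in for the external helper
    cache: dict = field(default_factory=dict)

    def slow_match(self, key, now):
        """http_access style check: may wait for the helper on a miss."""
        hit = self.cache.get(key)
        if hit is None or now - hit[1] >= self.ttl:
            hit = (self.helper(key), now)
            self.cache[key] = hit
        return hit[0]

    def fast_match(self, key, now):
        """tcp_outgoing_address style check: cached answers only (assumption)."""
        if key is None:              # detail the ACL needs is not available here
            return False
        hit = self.cache.get(key)
        return hit is not None and now - hit[1] < self.ttl and hit[0]


def outgoing_address(acl, key_access, key_outgoing, t_access, t_outgoing):
    """Evaluate the directives from the post, in order, for one request."""
    # http_access deny ext_acl fake_acl: fake_acl is assumed never to match,
    # so this line only causes ext_acl to be looked up and cached.
    acl.slow_match(key_access, t_access)
    # tcp_outgoing_address x.x.x.x ext_acl, then the y.y.y.y fallback line.
    return "x.x.x.x" if acl.fast_match(key_outgoing, t_outgoing) else "y.y.y.y"


def demo():
    helper = lambda key: key == "alice"      # constructed helper logic
    acl = ExternalAcl(ttl=5, helper=helper)
    results = {}
    # Request 1: answer fetched at t=0.0 and still cached at t=0.1.
    results["fresh"] = outgoing_address(acl, "alice", "alice", 0.0, 0.1)
    # Request 2: http_access reuses the entry at t=4.9, ttl expires before t=5.1.
    results["expired"] = outgoing_address(acl, "alice", "alice", 4.9, 5.1)
    # Request 3: the ACL needs a detail that is missing at the second check.
    results["no_info"] = outgoing_address(ExternalAcl(5, helper), "alice", None, 0.0, 0.1)
    return results


if __name__ == "__main__":
    print(demo())
```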
