Re: [squid-dev] forwarded_for based on acls

[Alex Rousskov]

On 11/3/20 5:58 AM, Eliezer Croitor wrote:

> I believe that the `forwarded_for` and the `via` config should be
> converted to an ACL style one.

Sure, (optional) ACL support in forwarded_for and via directives is an
improvement worth accepting. It should be straightforward to implement
as long as support is limited to fast ACLs. There are many similar
examples in the existing code.

This addition can (and must) be done in a backward compatible way. It
can (and, IMO, should) be done in a forward compatible way by requiring
an "if" keyword before the ACLs (we are using such an approach for the
upcoming tls_key_log feature detailed at
http://lists.squid-cache.org/pipermail/squid-dev/2020-July/009605.html).


Cheers,

Alex.
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] forwarded_for based on acls

[Eliezer Croitor]

Hey,

 

I believe that the `forwarded_for` and the `via` config should be converted
to an ACL style one.

Ie:

forwarded_for on localnet

forwarded_for delete port_name

 

etc..

 

I do not have a specific config format for this and I do not know if this is
the right way.

I was thinking it might be possible to use some form of `
request_header_add`  and/or ` request_header_replace` set of rules 
to apply such a function in the current squid code to avoid feature
development.

There are other aspects to the subject like backwards compatibility.

 

What do you think?

 

Thanks.

 



Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email:   ngtech1...@gmail.com

 

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev