Re: [squid-dev] A new 'has' ACL

Sun, 30 Apr 2017 21:04:35 -0700 

On 01/05/17 01:05, Eduard Bagdasaryan wrote:

Hello,


I am working on a new 'has' ACL:

  acl aclname has <component>
where "component" is one of the following three tokens: request, response, or ALE. 
For example:

  acl hasRequest has request

Multiple components on one ACL line are not supported because they
would have to be ORed and ORing components would probably go against
admin expectaions in most cases:
acl hasWhatMyLoggingDaemonNeeds has request response # XXX: Likely to be wrong! 

Multiple same-name ACL lines would still be ORed to support arguably
rare use cases where ORing is appropriate:

  # OK, this strange logging daemon needs request or response,
  # but can work without either a request or a response:
  acl hasWhatMyLoggingDaemonNeeds has request
  acl hasWhatMyLoggingDaemonNeeds has response

This new ACL addresses a TODO in item #3 of trunk revision 14752,
adding that 'missing' configuration option.

For example, the following configuration:

  acl logMe note important_transaction
  access_log ... logformat=detailed logMe

gives such 'noise' warning messages:
2017/01/06 12:54:46 kid2| WARNING: logMe ACL is used in context without an HTTP request. Assuming mismatch. 2017/01/06 12:54:46 kid1| WARNING: logMe ACL is used in context without an HTTP request. Assuming mismatch. 

Once the "has" ACL is available, the admin can do either:

  acl logMe note important_transaction
  access_log ... logformat=detailed hasRequest logMe

  or even

  acl logMe note important_transaction
  access_log ... logformat=detailed hasRequest logMe
  access_log ... logformat=brief !hasRequest logMe

 If you think these specs miss something important, let's discuss.



Thank you for working on this.
Is there an explicit need you have found for ALE to be on the component list? Since ALE is currently standing in as a "master transaction" object for most of the Squid code. It needs to be either created or provided/fetched from elsewhere whenever it is used. Having an ACL that bypasses that would defeat bug-finding of places where it is broken. 

Amos

_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev

Reply via email to