On 1/13/21 7:47 PM, Hideyuki Kawai wrote: > 1. "external_acl" can not use on tcp_outgoing_address. Because the > external_acl type is slow. My understanding is correct?
Yes, your understanding is correct. There are cases where a slow ACL "usually works" with a tcp_outgoing_address directive due to ACL caching side effects, and there are many examples on the web abusing those side effects, but you should not rely on such accidents when using modern Squid versions. > 2. If yes, how to solve my requirement? Use an annotation approach instead. The "note" ACL is fast, and the external ACL helper can annotate transactions (and connections) in modern Squids. The only difficulty with this approach is to find a directive that satisfies all of the conditions below: 1. supports slow ACLs 2. evaluated after the info needed by the external ACL helper is known 3. evaluated before tcp_outgoing_address In many cases, http_access is such a directive, but YMMV. HTH, Alex. P.S. FWIW, I can agree with one Eliezer statement on this thread: This thread belongs to squid-users, not squid-dev. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev