On 1/24/23 12:22, Eduard Bagdasaryan wrote:
> Today we can query cache manager in two ways:
>
> 1. with cache_object:// URL scheme
> 2. with an HTTP request having the 'squid-internal-mgr' path prefix.
>
> I guess that when (2) was initially added at e37bd29, its implementation
> was somewhat incomplete compared to the old cache_object scheme (e.g.,
> it lacked authentication) and both methods existed. Since then, however,
> (2) has been improved and it should be equivalent to (1) by now. If so,
> can we completely remove the non-standard cache_object scheme support
> from Squid? This would simplify request forwarding logic, including code
> paths where the existing code complexity may result in vulnerability
> issues.

FWIW, I am not aware of any good reason to keep supporting the
"cache_object" URI scheme.

MgrFieldChars() already calls that scheme deprecated. That special (and
undocumented?) scheme did cause significant problems in the past. I am
sure it will continue to cause problems if not removed. Removing it will
simplify code in several tricky places. There will be some upgrade pains
for admins, but we will be better off without cache_object long-term IMO.

Needless to say, squidclient and cachemgr.cgi implementations would need
to be adjusted to use HTTP URLs instead, but I hope those adjustments
are straightforward.

HTH,

Alex.
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev