Re: [squid-dev] Drop cache_object protocol support

Tue, 24 Jan 2023 20:35:07 -0800 

On 1/24/23 20:57, Amos Jeffries wrote:
Blocker #1:  The cachemgr_passwd directly still needs to be cleanly removed, eg replaced by a manager_access ACL based mechanism. 


I do not see a relationship: I have not tested it, but the existing 
CacheManager::ParseHeaders() code already extracts authentication 
information from cache manager requests that use "http" scheme AFAICT. 
Can you detail why the cachemgr_passwd directive/code cannot continue to 
work essentially as it works today after cache_object scheme support is 
removed from Squid?




Blocker #2: The squidclient tool still sends cache_object: scheme when 
given "mgr:" on the CLI. We need to upgrade that first 


Looks like we are in agreement on that.



and allow admin 
some time to upgrade before removing the scheme support in squid itself.



Agreed. Would six months be enough in your opinion? If yes, we may be 
able to remove cache_object support in v6. Otherwise, we can remove 
cache_object support starting with v7 (as far as numbered releases are 
concerned).




cachemgr.cgi should already prefer http(s) and only use cache_object 
as a backup.



IMO the CGI tool should stay that way, supporting the scheme for older 
installations even after we drop it from the rest of Squid.



IMO, we should not keep any code that is only needed for Squid v3.1 and 
earlier. Squid v3.2 and later should http-based cache manager access, 
right? More code always means more maintenance overheads and higher 
change costs. Given our lack of resources, we should start ignoring 
Squid v3 needs.



Moreover, I do not see how we can keep that "backup" code while 
supporting newer Squids and Javascript-disabled browsers at the same 
time: AFAICT, when Javascript is disabled (or not working properly), 
that "only as a backup" code will send cache_object requests to modern 
Squids that will no longer support them...



I think we should upgrade that cachemgr.cgi code rather than preserve it 
for Squid v3 needs. However, if you insist, it will stay simply because 
I do not think cachemgr.cgi is worth our time.



Cheers,

Alex.

_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev






















					Reply via email to