On 2025-10-17 07:46, Marcus Kool wrote:
My squid.conf (v6.8) has "email_err_data off" but "squid -k parse 2>&1 |
grep email_err_data" produces nothing. Is this expected behavior?
No, it is not. You should see something like
2025/10/17 10:07:53| Processing: email_err_data off
Please make sure that your "squid -k parse" command works with the same
configuration file you are adding an email_err_data directive to. For
example, you might be adding that directive to some custom configuration
file but executing "squid -k parse" against the default configuration
file. Using something like "grep -E 'email_err_data|Configuration File'"
may help with catching such a mismatch.
And check that "squid -k parse" actually succeeds rather than fails
before it can get to email_err_data processing.
> Does the workaround work for Squid 6.8?
AFAICT, that workaround works similarly for Squid v6.8 and Squid v7.1.
FWIW, I do not think that email_err_data workaround covers all
problematic cases in all setups. It may cover cases that SQUID-2025:2
specifically talks about, but even that probably depends on "web
application" internals. See the first paragraph of [1] and note that
email_err_data affects %W but has no effect on %R. You should patch or
upgrade!
If you do rely on that workaround (instead of patching or upgrading),
then consider configuring your Squid to deny TRACE requests as well. See
the last paragraph of [1] for motivation.
HTH,
Alex.
[1]: For more information, see the commit message linked from the
"Updated Packages" section of the Advisory:
https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
