Martin Sperl wrote:
Hi!
We have the following (essential) ICAP configuration with squid 3.1.3:
adaptation_access modify_request allow HTTP GETPOST hosts_allowed
adaptation_access modify_request deny all
adaptation_access modify_response allow HTTP GETPOST hosts_allowed
modify_response_mimetype
adaptation_access modify_response deny all
The ICAP request modification server rewrites the host of the URL that is
really proxied.
But then on the response-modification the hosts_allow ACL does no longer match
as it seems to match the translated URL, which is obviously different (and
dynamic, so we cannot configure it in squid).
So is there a ACL construct that we may use to say: everything where the request has been modified
matches, so that we can use this ACL instead of "hosts_allowed" in the
"adaptation_access modify_response" command?
Nothing of that description exists at present.
The easiest way is to use request header matching to identify a header
your ICAP server adds.
Though if you have no control over the ICAP server and it changes no
headers (strange, but possible) external_acl_type (for req) and a tag
ACL (for resp) can be a quite hacky workaround.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.4
