RE: status code for authenticate_ip_ttl_is_strict

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Fri, 29 Jun 2001 08:56:49 +0200

> Bugzilla #114 is about authenticate_ip_ttl_is_strict. A user
> is suggesting
> that when a single user makes requests from different IP
> addresses, Squid
> should return 403 (Forbidden) instead of 407 (Proxy Auth Required).
>
> I don't see an simple way to accomodate this right now...

It is a different variation of a problem I had in the reverse, when I wanted
non-authenticated users to get a 407 instead of 403 (there is an
undocumented
-DDEFINE_KINKIES_407_HACK in squid-ntlm now to accomodate my needs).

I think that the problem is quite widespread in squid, in that we don't
have means expressive enough to return results to the user. Most of the
user-interaction-handling code is in client_side.c, which adds quite a lot
of informations by itself. Which works fine for "normal" cases, but doesn't
in variations thereof.
Again, it MIGHT boil down to the overall structure of squid, and COULD get
better once proper modularization is performed, with adequate inter-module
protocols. Those conditionals are due to the fact that I'm not experienced
enough in Squid internals to teach lessons to anyone, so I might very well
be contradicted, and in fact I wouldn't mind to be.
For instance, I can point out the overall request processing for Roxen, as
documented at
http://docs.roxen.com/roxen/2.1/programmer/introduction/index.html

It is a reasonably clean interface, with many hooks providing powerful APIs.
Maybe we can take inspiration from it.

-- 
	/kinkie
Received on Fri Jun 29 2001 - 00:50:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:04 MST