Re: [squid-users] ACL to match arbitrary reply header, in-memoryfast authentication

From: Robert Collins <robertc@dont-contact.us>
Date: 05 Aug 2003 20:55:23 +1000

On Tue, 2003-08-05 at 16:20, Joshua Brindle wrote:
> hrm.. spawning 2 external processes per request when thousands
> of requests are going through is implausible..

You are misinformed about squids model for helpers. Processes are
persistent and have requests piped to them. This is how squid scales so
much more than apache.

> the authentication thing
> might be a little far fetched (and could be done externally if needed
> since it would only be spawned if the header was there, although
> I don't know how such an external process should work, unless
> there was a daemon which stored all the logged in people, anyway) but
> spawning an external acl on every single request just to check
> for a header is a bit excessive, there must be an easy way to match
> an arbitrary header from inside squid.
>
> I've been looking at the existing header matching acl's, MIMEtype, referer,
> browser, etc and I'm not sure how to do this without adding
> headers to enum.h explicitly :(

Well, you can test for arbitrary headers. I urge you to consider my
advice before tackling this as an in-squid project though. It's really
appropriate for external use, based on your description.

To do it in-source:
You'll need a new ACL specialisation, with requiresRequest() overridden
to return true. You then use httpHeaderGetByName to retrieve any headers
you wish to examine.

Cheers,
Rob

-- 
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.

Received on Tue Aug 05 2003 - 04:55:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:36 MST