[squid-users] HTTP extension_methods do not work in ACL

From: Frédéric Pailler <fpailler@dont-contact.us>
Date: Fri, 16 Jun 2006 09:27:34 +0200

Hi, I checked the FAQ, bugzilla and the archives of this list without finding anything... I am trying to apply what was described in this mail : http://www.squid-cache.org/mail-archive/squid-users/200204/1013.html The aim is : - to make Squid relay new methods - to restrict these to some users only Did anyone set up such a config ? As a proof of concept, I used the following (minimized) squid.conf : http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 extension_methods TOTO acl all src 0.0.0.0/0.0.0.0 acl TEST method TOTO http_access allow TEST http_access deny all http_reply_access allow all icp_access allow all coredump_dir /var/spool/squid As is, the TOTO method does not pass through Squid, but it should ! Any other methods are also blocked (normal). If I suppress the "allow TEST" line and change the next line to "allow all", everything pass through, even the TOTO method (hence the "extension_methods" tag works). If I use a standard method (like GET) in the ACL, it works fine. I also checked the cache.log in debug mode. I also tried to put the "extension_methods" tag at differents positions in the squid.conf file... Conclusion : when processing an ACL on HTTP methods, Squid does not take into account methods declared in the "extension_methods" tag. Do you think it is a bug or did I misunderstand something ? Thank you in advance for any help or advice. Frédéric Pailler Network and Security Projet Manager --------------------- ALICE SECURITE ENFANTS --------------------- Protégez vos enfants des dangers d'Internet en installant Sécurité Enfants, le contrôle parental d'Alice. http://www.aliceadsl.fr/securitepc/default_copa.asp
Received on Fri Jun 16 2006 - 01:27:42 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:01 MDT