Re: [squid-users] Delivering ident to url_rewrite_program

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 27 Oct 2008 20:13:50 +1300

Stefan Adams wrote:
> On Sun, Oct 26, 2008 at 8:35 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Stefan Adams wrote:
>>> In squid 3.0STABLE9:
>>> Following "Redirector interface is broken re IDENT values" from
>>> http://wiki.squid-cache.org/SquidFaq/SquidRedirectors, I can see ident
>>> requests appearing in access.log, but with a url_rewrite_program of
>>> /usr/bin/tee, the ident field is ALWAYS '-'. I have never been able
>>> to get the ident field in the output of /usr/bin/tee to display the
>>> ident field that is shown in the access.log when using squid 3.0.
>>>
>>> In squid 2.5STABLE10:
>>> Using the exact same ident instructions from the FAQ, the ident column
>>> is correct in both the access.log AND in the output of /usr/bin/tee as
>>> the rewrite_program.
>>>
>>> So... Is this a bug in 3.0 or is there a directive that I am missing
>>> that is not in the FAQ?
>> Your 2.5 configuration has "ident REQUIRED" which is missing from the 3.0
>> config. This will result in squid 3.0 not waiting for the ident response to
>> arrive before passing it to the redirector.
>
> I've tried each
> acl reqident ident cogent AND acl reqident ident REQUIRED
> with squid 3.0. Neither of these caused squid to wait for the ident response.
>
> I don't quite follow your response; were you saying that it would work
> if my config shown below had acl reqident ident REQUIRED?
> Unfortunately, that also did not work. I got the same results where
> squid did not wait for an ident response.

It should wait yes. You seem to have uncovered a bug.

I do not have time right now to track it down, please check bugzilla
about whether its already been reported. If not please add a new bug
report with what traces you can do.

Thanks
Amos

>>
>>> Thanks!
>>> Stefan
>>>
>>> # cat /tmp/squid-3.0.conf
>>> debug_options 29,3 30,3 28,3 33,3
>>> acl termserv src 192.168.0.112
>>> acl reqident ident cogent
>>> ident_lookup_access allow termserv
>>> ident_lookup_access deny all
>>> http_access allow reqident termserv
>>> http_access deny reqident
>>> url_rewrite_access allow all
>>> url_rewrite_children 1
>>> http_port 3128
>>> access_log /var/log/squid/access.log squid
>>> url_rewrite_program /usr/bin/tee -a /tmp/redirector.log
>>> cache_effective_user squid
>>> cache_effective_group squid
>>>
>>> # cat /tmp/squid-2.5.conf
>>> debug_options 29,3 30,3 28,3 33,3
>>> acl all src 0.0.0.0/0.0.0.0
>>> acl termserv src 192.168.0.112
>>> acl reqident ident REQUIRED
>>> http_access allow reqident termserv
>>> http_access deny reqident
>>> redirect_children 1
>>> redirect_program /usr/bin/tee -a /tmp/redirector.log
>>>
>>> # cat /tmp/redirector.log
>>> http://checkip.cogent.com/favicon.ico 192.168.0.112/- - GET
>>> myip=192.168.0.1 myport=3128
>>> http://checkip.cogent.com/favicon.ico 192.168.0.112/- HP_Administrator GET
>>
>> --
>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Mon Oct 27 2008 - 07:13:55 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 27 2008 - 12:00:05 MDT