Hello all,
it's my first post here - hope i do everything right.
my constellation:
Squid 2.7 Stable 8 and also tried with a 3 Version
OS Windows 2000/XP tried both
My Problem is version and OS independent
my problem:
Try to remove a existing http header from a response fom the Ebay
Server. it's a advertising cookie.
to my understanding the ACL keyword rep_header is used for ACL's
1. Try
add the following (Version 2.7):
acl cebay rep_header Set-Cookie ebay
header_access Set-Cookie deny cebay
the logfile show the following:
2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: match found, returning 1
2012/11/27 16:02:20| aclCheckCallback: answer=1
2012/11/27 16:02:20| The request GET http://www.ebay.de is ALLOWED,
because it matched 'localnet'
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking cebay
2012/11/27 16:02:20| aclMatchAcl: checking 'acl cebay rep_header
Set-Cookie ebay'
2012/11/27 16:02:20| aclMatchAclList: no match, returning 0
2012/11/27 16:02:20| aclMatchAclList: checking all
2012/11/27 16:02:20| aclMatchAcl: checking 'acl all src all'
2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: checking 'http_reply_access allow all'
2012/11/27 16:02:20| aclMatchAclList: checking all
2012/11/27 16:02:20| aclMatchAcl: checking 'acl all src all'
2012/11/27 16:02:20| aclMatchIp: '192.168.178.11' found
2012/11/27 16:02:20| aclMatchAclList: returning 1
2012/11/27 16:02:20| aclCheck: match found, returning 1
2012/11/27 16:02:20| aclCheckCallback: answer=1
2012/11/27 16:02:20| The reply for GET http://www.ebay.de/ is ALLOWED,
because it matched 'all'
the acl cebay is checked 5 times, because of the presence of 5
Set-Cookie Header in the reply of the Ebay Server.
but non off this has a match.
The first of the Set-Cookie is always ebay and should give a match.
if i debug the program with Windb i found out, that Sub aclMatchAclList
calls the function aclMatchAcl
then here it return with 0, so checklist->reply seems to be false...
case ACL_REP_HEADER:
if (!checklist->reply)
return 0;
return aclMatchHeader(ae->data, &checklist->reply->header);
dont't understand realy, that reply is empty - because it sees the
header also (5 times Set-Cookie)
am i wrong or is ther a bug.
in Squid 3 the following error is showed: "ACL is used but there is no
HTTP reply"
2. Try
added the following:
acl cebay rep_header Set-Cookie ebay
http_reply_access deny cebay
this work like i expected - get a access deny becaus of the existence of
the Set-Cookie ebay=....
when i change the acl to:
acl cebay rep_header Set-Cookie nonsession
or
acl cebay rep_header Set-Cookie dp1
access isn't denied although there is a Set-Cookie nonsession=... or
Set-Cookie dp1=...
seem like it just checks the first presence of the Set-Cookie Header Value.
Shouldn't it look for all headers?
Would appricate any help for a solution for my wish to remove a existing
Set-Cookie response.
Andreas
Received on Tue Nov 27 2012 - 15:44:13 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 27 2012 - 12:00:04 MST