Hi Alex,
Thanks for the quick response.
Regarding proxy_protocol - is there a known patch for v4 I could use by any
chance?
Regarding icap, I suppose the acl is getting evaluated before the icap and that
is why they aren't available:
external_acl_type TransactionClassificator \
concurrency=0 \
children-max=2 \
ttl=60 \
%ssl::>sni \
/usr/local/squid/bin/classify-transaction.sh
acl classifyRequest external TransactionClassificator
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump splice step2 classifyRequest
ssl_bump stare all
ssl_bump bump all
Thanks,
Frida
________________________________
From: Alex Rousskov <rouss...@measurement-factory.com>
Sent: Sunday, June 13, 2021 17:46
To: squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org>
Cc: Frida Safran <fsaf...@proofpoint.com>
Subject: Re: [squid-users] Passing Proxy Protocol Headers to external ACL
On 6/13/21 7:31 AM, Frida Safran wrote:
> 1. Is it possible to pass proxy protocol headers to an external acl as
> part of the format?
It should be possible. Use %proxy_protocol::>h logformat %code in your
external_acl_type FORMAT configuration. We added that support to Squid
v5. Not available in the official v4.
> 2. Is it possible to pass all/specific icap headers to an external acl?
> I have been trying to use %icap::>h to pass all the icap headers to
> an external acl, but it resolves to "-"
It should be possible if your external ACL is evaluated _after_ the
corresponding ICAP headers are received, but I would not be surprised if
there are bugs in this area -- the ICAP headers may be available but not
provided to the ACL evaluation code. Which squid.conf directive is
triggering your external ACL evaluation in this use case?
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
