mån 2003-09-08 klockan 17.49 skrev squid-adm@univer.kharkov.ua:
> But I have one more question related this subject:
> can some requests passed through the ACL ext_acl
> ("http_access deny ext_acl fake_acl") use different source address
> then x.x.x.x, if options
> tcp_outgoing_address x.x.x.x ext_acl
> tcp_outgoing_address y.y.y.y
> exist below?
Yes. Occasionally the ext_acl may fail in tcp_outgoing_address. This can
happen if the configured ttl for the acl expires between http_access and
tcp_outgoing_address. This applies to all types of ACLs requiring
external lookups of some kind (i.e. external or dns based ACLs).
Another case where this will happen but more consistently (i.e. all the
time) is if the acl requires information not available to
tcp_outgoing_address. In such case the ext_acl will never give correct
results in tcp_outgoing_address even if also evaluated in http_access.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Sep 08 2003 - 10:15:35 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:35 MST