git.ipfire.org Git - thirdparty/squid.git/commit

transaction_initiator ACL for detecting various unusual transactions

This ACL is essential in several use cases, including:

* After fetching a missing intermediate certificate, Squid uses the
  regular cache (and regular caching rules) to store the response. Squid
  deployments that do not want to cache regular traffic need to cache
  fetched certificates and only them.

  acl fetched_certificate transaction_initiator certificate-fetching
  cache allow fetched_certificate
  cache deny all

* Many traffic policies and tools assume the existence of an HTTP client
  behind every transaction. Internal Squid requests violate that
  assumption. Identifying internal requests protects external ACLs, log
  analyzers, and other mechanisms from the transactions they mishandle.

  acl skip_logging transaction_initiator internal
  access_log ... !skip_logging

The new transaction_initiator ACL classifies transactions based on their
initiator. Currently supported initiators are esi, certificate-fetching,
cache-digest, internal, client, and all. In the future, the same ACL
will be able to identify HTTP/2 push transactions using the "server"
initiator. See src/cf.data.pre for details.

This is a Measurement Factory project.

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Mon, 12 Jun 2017 20:26:41 +0000 (23:26 +0300)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Mon, 12 Jun 2017 20:26:41 +0000 (23:26 +0300)
commit	5ceaee752b4a01c8a4fd8ab3071ce369a552d04e
tree	52240bccaf8080adbe82f275088a1d67d5c35873	tree \| snapshot
parent	a0924f71b189a7070b618d59ff11b51aac7da3a6	commit \| diff

src/AclRegs.cc		diff \| blob \| blame \| history
src/Downloader.cc		diff \| blob \| blame \| history
src/Downloader.h		diff \| blob \| blame \| history
src/HttpRequest.cc		diff \| blob \| blame \| history
src/HttpRequest.h		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/MasterXaction.h		diff \| blob \| blame \| history
src/PeerPoolMgr.cc		diff \| blob \| blame \| history
src/RequestFlags.h		diff \| blob \| blame \| history
src/XactionInitiator.cc	[new file with mode: 0644]	blob
src/XactionInitiator.h	[new file with mode: 0644]	blob
src/acl/Asn.cc		diff \| blob \| blame \| history
src/acl/Makefile.am		diff \| blob \| blame \| history
src/acl/TransactionInitiator.cc	[new file with mode: 0644]	blob
src/acl/TransactionInitiator.h	[new file with mode: 0644]	blob
src/adaptation/ecap/Host.cc		diff \| blob \| blame \| history
src/adaptation/ecap/XactionRep.cc		diff \| blob \| blame \| history
src/adaptation/icap/ModXact.cc		diff \| blob \| blame \| history
src/adaptation/icap/Xaction.cc		diff \| blob \| blame \| history
src/cf.data.pre		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side.h		diff \| blob \| blame \| history
src/client_side_reply.cc		diff \| blob \| blame \| history
src/client_side_request.cc		diff \| blob \| blame \| history
src/client_side_request.h		diff \| blob \| blame \| history
src/comm/TcpAcceptor.cc		diff \| blob \| blame \| history
src/esi/Include.cc		diff \| blob \| blame \| history
src/forward.h	[new file with mode: 0644]	blob
src/htcp.cc		diff \| blob \| blame \| history
src/icmp/net_db.cc		diff \| blob \| blame \| history
src/icp_v2.cc		diff \| blob \| blame \| history
src/mgr/Inquirer.cc		diff \| blob \| blame \| history
src/mime.cc		diff \| blob \| blame \| history
src/neighbors.cc		diff \| blob \| blame \| history
src/peer_digest.cc		diff \| blob \| blame \| history
src/security/PeerConnector.cc		diff \| blob \| blame \| history
src/servers/FtpServer.cc		diff \| blob \| blame \| history
src/servers/Http1Server.cc		diff \| blob \| blame \| history
src/servers/Server.h		diff \| blob \| blame \| history
src/store_digest.cc		diff \| blob \| blame \| history
src/tests/stub_HttpRequest.cc		diff \| blob \| blame \| history
src/tests/testHttpRequest.cc		diff \| blob \| blame \| history
src/urn.cc		diff \| blob \| blame \| history