Display critical WARNING: about myip/myport on interception proxies.

Advertise myportname for use instead.

diff --git a/src/acl/Acl.cc b/src/acl/Acl.cc
index b996c70b8d575efbc065e56e3f6dcbbc35ebba92..3267826b58db590bec4ea454700392802a437840 100644 (file)
--- a/src/acl/Acl.cc
+++ b/src/acl/Acl.cc
@@ -37,6 +37,7 @@
 #include "acl/Checklist.h"
 #include "ConfigParser.h"
 #include "dlink.h"
+#include "ProtoPort.h"
 
 const char *AclMatchedName = NULL;
 
@@ -126,6 +127,26 @@ ACL::ParseAclLine(ConfigParser &parser, ACL ** head)
         return;
     }
 
+    // Is this ACL going to work?
+    if (strcmp(theType, "myip") != 0) {
+        http_port_list *p = Config.Sockaddr.http;
+        while(p) {
+            // Bug 3239: not reliable when there is interception traffic coming
+            if (p->intercepted)
+                debugs(28, DBG_CRITICAL, "WARNING: 'myip' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
+            p = p->next;
+        }
+    } else if(strcmp(theType, "myport") != 0) {
+        http_port_list *p = Config.Sockaddr.http;
+        while(p) {
+            // Bug 3239: not reliable when there is interception traffic coming
+            // Bug 3239: myport - not reliable (yet) when there is interception traffic coming
+            if (p->intercepted)
+                debugs(28, DBG_CRITICAL, "WARNING: 'myport' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
+            p = p->next;
+        }
+    }
+
     if ((A = FindByName(aclname)) == NULL) {
         debugs(28, 3, "aclParseAclLine: Creating ACL '" << aclname << "'");
         A = ACL::Factory(theType);