From 972dcb88b04b406d3f2d63f4cd4e56eb43af1b1c Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 17 Jun 2011 07:07:07 -0600
Subject: [PATCH] Display critical WARNING: about myip/myport on interception
 proxies.

Advertise myportname for use instead.
---
 src/acl/Acl.cc | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/acl/Acl.cc b/src/acl/Acl.cc
index b996c70b8d..3267826b58 100644
--- a/src/acl/Acl.cc
+++ b/src/acl/Acl.cc
@@ -37,6 +37,7 @@
 #include "acl/Checklist.h"
 #include "ConfigParser.h"
 #include "dlink.h"
+#include "ProtoPort.h"
 
 const char *AclMatchedName = NULL;
 
@@ -126,6 +127,26 @@ ACL::ParseAclLine(ConfigParser &parser, ACL ** head)
         return;
     }
 
+    // Is this ACL going to work?
+    if (strcmp(theType, "myip") != 0) {
+        http_port_list *p = Config.Sockaddr.http;
+        while(p) {
+            // Bug 3239: not reliable when there is interception traffic coming
+            if (p->intercepted)
+                debugs(28, DBG_CRITICAL, "WARNING: 'myip' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
+            p = p->next;
+        }
+    } else if(strcmp(theType, "myport") != 0) {
+        http_port_list *p = Config.Sockaddr.http;
+        while(p) {
+            // Bug 3239: not reliable when there is interception traffic coming
+            // Bug 3239: myport - not reliable (yet) when there is interception traffic coming
+            if (p->intercepted)
+                debugs(28, DBG_CRITICAL, "WARNING: 'myport' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
+            p = p->next;
+        }
+    }
+
     if ((A = FindByName(aclname)) == NULL) {
         debugs(28, 3, "aclParseAclLine: Creating ACL '" << aclname << "'");
         A = ACL::Factory(theType);
-- 
2.47.2