Re: Re: [squid-users] adaptation_access and rep_mime_type -- It doesn't seem to work

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 18 Apr 2011 14:21:47 +1200

 On Sun, 17 Apr 2011 13:17:29 -0600, Trever L. Adams wrote:
> On 01/-10/-28163 12:59 PM, Amos Jeffries wrote:
>> On 15/04/11 20:46, Trever L. Adams wrote:
>>> I am using squid 3.1.10. I have a virus scanner and a content
>>> classifier
>>> (to build content filter with Squid ACLs). The virus scanner has
>>> several
>>> modes. One scans transparently and passes on data in chunks. I have
>>> this
>>> working for various update sites, etc.
>>>
>>> However, I need to run streaming media through this. So I have acls
>>> like
>>> this:
>>> acl StreamMime rep_mime_type -i ^video/
>>> acl StreamMime rep_mime_type -i ^audio/
>>>
>>> adaptation_access updatesChain allow StreamMime
>> These would be the sites using flash multimedia. Which are neither
>> video/* nor audio/* media.
>>
>> Try with:
>> acl MediaMime rep_mime_type -i audio|video|flv|flash
>>
> Yes, I had flash covered in another rule, I forgot to paste it.
> Sorry.
>>
>> Should be working. But its not easy to tell what is going wrong
>> without the rest of the configuration context. Specifically
>> everything
>> about "updatesChain".
>>
>> Amos

> adaptation_service_chain standardChain svcClassify svcVirusScan
> adaptation_service_chain updatesChain svcClassify svcVirusScanUpdates

 And these are tested for RESPMOD services right?

 I was suspecting you hit the bug about RESPMOD not being passed the
 request details correctly. The SoftwareUpdateAgent and
 SoftwareUpdateDomain would always be failed-match with that bug and thus
 inverted to be "true" in standardChain.

>
> adaptation_access standardChain allow !SoftwareUpdateAgent
> !SoftwareUpdateDomain !SoftwareUpdateMime !StreamMime
> adaptation_access standardChain deny all
> adaptation_access updatesChain allow SoftwareUpdateAgent
> adaptation_access updatesChain allow SoftwareUpdateDomain
> adaptation_access updatesChain allow SoftwareUpdateMime
> adaptation_access updatesChain allow StreamMime
> adaptation_access updatesChain deny all
>
> These are c_icap modules. svcClassify is one I have written but
> haven't
> upstreamed yet. (Still trying to get a good base trained set for
> people
> to use.) It is currently set to only process images (flash, video,
> etc.
> is ignored with 204).
>
> The virus modules are the same, one is in a virulator mode (where
> anything over a certain size isn't directly downloaded). The other
> (updatesChain) is in a simple mode which should work well for
> streaming.
>
> My entire StreamMime:
>
> acl StreamMime rep_mime_type -i ^video/
> acl StreamMime rep_mime_type -i ^audio/
> acl StreamMime rep_mime_type -i ^application/octet-stream$
> acl StreamMime rep_mime_type -i application/octet-stream
> acl StreamMime rep_mime_type -i ^application/x-mplayer2$
> acl StreamMime rep_mime_type -i application/x-mplayer2
> acl StreamMime rep_mime_type -i ^application/x-oleobject$
> acl StreamMime rep_mime_type -i application/x-oleobject
> acl StreamMime rep_mime_type -i application/x-pncmd
> acl StreamMime rep_mime_type -i ^application/x-shockwave-flash$
> acl StreamMime rep_mime_type -i audio|video|flv|flash

 Lot of overlap there. It will reduce down to this:

  acl StreamMime rep_mime_type -i
 application/(octet-stream|x-mplayer2|x-oleobject|x-pncmd)
  acl StreamMime rep_mime_type -i audio|video|flv|flash

>
>
> SoftwareUpdate* is too big to post here. It works except (even mime
> types) which I cannot explain.
>
> Thank you,
> Trever

 Amos
Received on Mon Apr 18 2011 - 02:21:53 MDT

This archive was generated by hypermail 2.2.0 : Sat Apr 30 2011 - 12:00:04 MDT