On 06/27/2012 05:09 AM, Alexander Holler wrote:
> Am 27.06.2012 12:57, schrieb Henrik Nordström:
>> ons 2012-06-27 klockan 10:45 +0200 skrev Alexander Holler:
>>>> Agreed. With the change to support arbitrary headers in
>>>> request_header_access this patch is not needed. We could also forget
>>>> many other less common headers.
>>> It is, at least if people are using whitelists for headers which can
>>> pass the proxy.
>> With the patch to support arbitrary headers in request_header_access you
>> can match any header, and having the header defined in the source is
>> only an optimization for frequently accessed headers.
> And it will require the need for a rewrite of the configuration and
Would not both your patch and the general request_header_access patch
require configuration changes?
> doesn't help people which want or have to live with current versions.
Both your patch and the general request_header_access patch can be
applied to "current versions". I agree that your patch is a lot easier
to port, of course. If general request_header_access is not backported,
your patch may be accepted for those versions instead.
> The patch was meant for the current (and maybe older) versions and I'm
> just unable to understand the high resistance to include such a simple
> two-line patch. Maybe the resistance is motivated by the header itself
> and not the patch, I don't know and have to speculate.
You do not have to speculate. The resistance, at least on my part, is
motivated by the "death by thousands cuts" principle: Yes, we can
hard-code explicit handling of hundreds of headers that Squid does not
need to know about. Any single addition will help somebody and has
negligible negative side effects on its own, but in aggregate, they make
the code and performance worse.
This has nothing to do with the header itself. I know little about DNT,
but my response would be the same if the header was named DT :-)
BTW, do you or somebody you know run Squid with a white list of headers
(denying all other headers)? I am curious if such an approach can work
in a general deployment environment because it feels like it would break
many benign applications behind a proxy.
Thank you,
Alex.
Received on Wed Jun 27 2012 - 16:41:50 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 30 2012 - 12:00:06 MDT