Re: A hierarchy_stoplist question ...

From: Duane Wessels <wessels@dont-contact.us>
Date: Thu, 22 Apr 1999 19:40:39 -0600

Henny Bekker writes:

>Dear Squid users,
>
>I hope someone can help me with this question concerning the configuration
>of Squid v2.1 ..
>
>On our toplevel cache (Squid v2.1-PL2) we have configured a number of ACL's
>to block all ports except the HTTP, FTP, Gopher and all ports above 1024.
>This with the next ACL's
> ACL Safe_ports 80 21 70 1025-65535
> http_access deny !Safe_ports
>Some users connected to a first level cache (a child cache of our toplevel
>cache) wants to connect to a Web-server running on port 81. This request
>is routed to our toplevel cache which is (of course) blocked with an error
>message.
>What can I do on my first level caches to prevent requests, using other
>ports then the "Safe_port", from being send to the toplevel cache??
>I'm thinking of using the "hierarchy_stoplist" for it, but that will use
>only a list of words and no ALC's....

Try something like this:

        cache_peer_access parentcache.foo.org allow Safe_ports

Then, Squid should not forward requests to 'parentcache.foo.org' for
port 81, etc.

Duane W.
Received on Thu Apr 22 1999 - 19:25:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:55 MST