[squid-users] ACL defaults

From: <johnsuth@dont-contact.us>
Date: Sat, 5 Feb 2005 13:50:44

  
Squid.conf seems not to change much over recent versions, so these remarks probably apply
to the .conf you are using.
  
For the tag http_access, my .conf says:-
  
"NOTE on default values:
If there are no 'access' lines present, the default is to deny the request."
  
This implies DENY BY DEFAULT which is a common convention in this context.
  
However all following text contradicts that. e.g.:-
  
"If none of the access lines causes a 'match', the default is the opposite of the last line
in the list. If the last line was deny, then the default is allow. Conversly, if the last line
is allow, the default will be deny. For these reasons, it is a good idea to have an 'deny
all' or 'allow all' entry at the end of your access lists to avoid POTENTIAL CONFUSION."
  
Whilst this looks like English, it is not.
  
"And finally deny all other access to this proxy.
http_access deny all"
 
If we deny by default, then we do not need this rule, because anything not specifically
allowed is automatically denied.
 
 
So is there a default behavior when no rule is matched?
  
Can you share it with us?
  
If you tell me it depends on the build, I will believe you.
  
Thanks.
  

John Sutherland
Phone & Fax +61 2 4683 1511
9 Meryla Street, Couridjah NSW 2571 Australia
Received on Fri Feb 04 2005 - 19:51:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST