Re: [squid-users] Proper Access ACLs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 03 May 2007 14:01:18 +0200

ons 2007-05-02 klockan 16:00 -0700 skrev Michael Puckett:
> a path outside to reach the server "external.com". Will the following
> configuration directives route requests to "external.com" ONLY through
> "extern-proxy.mydomain" while keeping all other requests inside my own
> domain? Is this the correct way to do this, or is there another
> recommendation for configuring for this case?
>
> cache_peer extern-proxy.mydomain parent 8181 5151 no-query no-digest
>
> acl OUTSIDE dstdomain external.com
>
> cache_peer_access allow OUTSIDE
> cache_peer_access deny all

Ok.

> always_direct allow all
> never_direct deny all

Not ok. Says Squid should always go direct, ignoring whatever cache_peer
you have..

Should probably be just

never_direct allow OUTSIDE

with no always_direct rule specified at all, or a "deny all" rule if you
like (it's the default).

Regards
Henrik

Received on Thu May 03 2007 - 06:01:23 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT