Re: [squid-users] Proper Access ACLs

From: Michael Puckett <Michael.Puckett@dont-contact.us>
Date: Thu, 03 May 2007 08:03:54 -0700

Henrik Nordstrom wrote:
> ons 2007-05-02 klockan 16:00 -0700 skrev Michael Puckett:
>
>> a path outside to reach the server "external.com". Will the following
>> configuration directives route requests to "external.com" ONLY through
>> "extern-proxy.mydomain" while keeping all other requests inside my own
>> domain? Is this the correct way to do this, or is there another
>> recommendation for configuring for this case?
>>
>> cache_peer extern-proxy.mydomain parent 8181 5151 no-query no-digest
>>
>> acl OUTSIDE dstdomain external.com
>>
>> cache_peer_access allow OUTSIDE
>> cache_peer_access deny all
>>
>
> Ok.
>
Thank you...
>
>> always_direct allow all
>> never_direct deny all
>>
>
> Not ok. Says Squid should always go direct, ignoring whatever cache_peer
> you have..
>
>
> Should probably be just
>
> never_direct allow OUTSIDE
>
> with no always_direct rule specified at all, or a "deny all" rule if you
> like (it's the default).
>
So this then says that OUTSIDE should never go direct I understand,
with the implication that everything else is always direct? What tells
everything else to go direct?

What would get the default "deny all"? Would that be "never_direct deny
all" or "always_direct deny all"

Regards
-mikep
Received on Thu May 03 2007 - 09:04:07 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT