Re: [squid-users] Proper Access ACLs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 03 May 2007 20:57:13 +0200

tor 2007-05-03 klockan 08:03 -0700 skrev Michael Puckett:

> > Should probably be just
> >
> > never_direct allow OUTSIDE
> >
> > with no always_direct rule specified at all, or a "deny all" rule if you
> > like (it's the default).
> >
> So this then says that OUTSIDE should never go direct I understand,
> with the implication that everything else is always direct? What tells
> everything else to go direct?

The fact that there is no peer it may go via..

> What would get the default "deny all"? Would that be "never_direct deny
> all" or "always_direct deny all"

Default for both directives is deny all.

Squid first checks always_direct. If allow it goes direct and does not
look any further to find a path where to send the request.

Then it checks never_direct. If allow then it knows going direct is not
an option.

Then it selects and weights the available paths (cache_peers + direct)

Regards
Henrik

Received on Thu May 03 2007 - 12:57:20 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT