Re: Introduction

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 28 Apr 2003 19:57:04 +0200

On Mon 2003-04-28 at 18.37, Robert Borkowski wrote:

> Bug #526 refers to the 'feature' of turning off ICP when accelerated
> mode is on.

Yes..

> If we want to use ICP within our reverse accelerator farm we have to
> enable httpd_accel_with_proxy which lets anyone use our accelerator
> farm as a forward proxy...

Subject to http_access yes.

An accelerator should have http_access rules strictly limiting which
destinations may be reached via the accelerator, just as a proxy should
have rules limiting who may use the proxy.

> My patch adds a proxy_access ACL similar to the http_access ACL, and
> enables ICP without having httpd_accel_with_proxy on. Here's an excerpt
> from our config:
>
> httpd_accel_with_proxy no
> acl siblings src 10.5.0.0/255.255.255.0
> proxy_access allow siblings
> proxy_access deny all

Ok. Now you make sense.

This should not be a new *_access directive, but simply an acl to
http_access so http_access can have different restrictions depending on
if the traffic is accelerated or proxied.

Note however that it is not always possible to tell one from the other
at the protocol level if you want to be RFC compliant. Because of this
Squid-3 separates the traffic into different http_port.

-- 
Henrik Nordstrom <hno@marasystems.com>
MARA Systems AB
Received on Mon Apr 28 2003 - 11:57:11 MDT
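
The http_access point made in the reply above, as an added example that is not part of the original message or of Squid itself: a small Python model of first-match http_access evaluation, run over two constructed squid.conf fragments to check whether an outside client can reach a third-party destination through the accelerator. The `siblings` ACL is the one quoted in the thread; `accel_sites`, `www.example.com` and the client addresses are assumptions.

```python
import ipaddress

# Constructed squid.conf fragments. "siblings" is the ACL from the thread;
# accel_sites and www.example.com are assumed names for the accelerated site.
WEAK = """
httpd_accel_with_proxy on
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""
HARDENED = """
httpd_accel_with_proxy on
acl all src 0.0.0.0/0.0.0.0
acl siblings src 10.5.0.0/255.255.255.0
acl accel_sites dstdomain www.example.com
# anyone may reach the accelerated site; only farm members may go elsewhere
http_access allow accel_sites
http_access allow siblings
http_access deny all
"""

def parse(conf):
    """Collect the acl (src, dstdomain) and http_access lines of a fragment."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def acl_matches(acls, name, client, host):
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(client)
        return any(addr in ipaddress.ip_network(v) for v in values)
    # dstdomain: exact name, or a leading dot for the domain and its subdomains
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in values)

def http_access(conf, client, host):
    """True if the request is allowed: the first matching line wins."""
    acls, rules = parse(conf)
    for allow, names in rules:
        # every ACL on a line must match; a leading "!" negates that ACL
        if all(acl_matches(acls, n.lstrip("!"), client, host) != n.startswith("!")
               for n in names):
            return allow
    # no line matched: opposite of the last line (deny assumed if there are none)
    return not rules[-1][0] if rules else False
```

Calling `http_access(WEAK, "203.0.113.7", "other.example.net")` returns `True`, which is the open forward proxy the thread is concerned about; the same call against `HARDENED` returns `False`.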
