Re: Squid acl access - neighbours & parents..

From: Michael James <>
Date: Wed, 11 Sep 1996 15:05:20 +1000

> wrote:
>>someone close to us netwise wants to neighbour with us,
>> but is there a way I can stop them using us as a parent?

We are part of a regional network, it makes sense for us to peer
 with the other members. But like gordon we don't want to be used as
 a parent from outside our domain.

My expectation of peer behaviour is that only if the request is in the cache
 is it is answered, there is no way for a peer to force a fetch.
Am I right? If so it is OK to allow friends access to the peer port.

icp_access deny !friend1 !friend2

On the parent port we have these access-lists (acl)s:

acl from-inside src <our class c net/>
acl for-us domain <our domain name>

http_access allow from_inside
http_access deny !for_us

Now our cache runs as a parent for internal hosts and as an accelerator
 for outsiders visiting our servers.

The idea behind this is to throw the bucks at the squid (big machine, fast
network) and let a relatively small machine sit behind it running the
Soon all local info is cached and only needs to be replaced as it changes.

Duane, you thought there was some work to be done
 before peers could be controlled, am I missing something?



    Michael James
  IT Development and Integration, University of Canberra, Australia

   Lets face it: even if we had complete leisure and infinite money
We would never find anything as interesting as the internet to work on
Received on Tue Sep 10 1996 - 22:07:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:59 MST