Re: Controlling neighbour access

From: Duane Wessels <>
Date: Wed, 19 Feb 97 13:55:55 -0800 writes:

>I'd like to be able to control which objects on our cache our neighbours
>have access to. If our organisation's internal documents are cached then
>it is possible that our neighbours could access these documents, bypassing
>any security that may be in place on the end web server.
>The trusting method (for the perfect world) is to ask the neighbours to
>put a 'cache_host_domain !' statement in their
>configs. This is also more efficient.
>To control it from our end I have tried the following:
>acl csiro src
>acl non_csiro_neighbour src
>acl csiro_url url_regex \.csiro\.au
>icp_access allow csiro
>icp_access deny csiro_url
>icp_access deny all !non_csiro_neighbour

You should duplicate each 'icp_access' line with 'http_access' also.

You might also want to add

    acl csiro_host dstdomain

Then you can catch numeric IP addresses in URLs.

Duane W.
Received on Wed Feb 19 1997 - 14:22:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:29 MST