Re: Inter-Squid firewalling

From: Anthony DeBoer <>
Date: 2 Jun 1997 18:05:18 -0000

Michael Hasenstein <> writes:
> I had the same problem, and I introduced a new directive
> 'behind_firewall'. which is only useful when the default is that squid can
> reach all hosts directly,i.e. inside_firewall is not set. ...

Not to play duelling patches or anything :-), but my patch is shorter and
has the advantage of being able to specify all three possible behaviours
for different subsets of hosts (eg. you're inside a firewall, must always
use a proxy for the Internet, must always go direct for local servers,
and want to use parent-or-direct behaviour for more distant IP-reachable
servers in your organization's network).

(The other likely three-cases situation is when you're on the Internet
and must use a proxy to access a related organization's "behind_firewall"
domain, but want to go always go direct to your own servers, and use
default behaviour for Internet hosts. That could admittedly be handled
by your patch plus an appropriate "!" in cache_host_domain

Anthony DeBoer <>                    #include <std.disclaimer>
Received on Mon Jun 02 1997 - 12:20:15 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:21 MST