Re: acl question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 07 Jul 1998 23:09:25 +0200

A.R. Cache Op wrote:
> http_access allow arlocal
> http_access deny !arlocal kozak
>
> miss_access allow arlocal
> miss_access deny !arlocal kozak
>
> In theory that should block this person out ?

The ACL lists are searched in the order specified, and the search
terminates as soon as there is a match. The correct list is

# Deny kozak access to the cache
http_access deny kozak
# Allow arlocal to use the cache
http_access allow arlocal
# Deny all else
http_access deny all

# Allow everyone with access to the cache to fetch new objects
miss_access allow all

You don't need to specify miss_access. A person does not have
miss_access unless he has http_access as well. miss_access is used to
further limit the rights when you have sibling caches that should only
be allowed to fetch previously cached objects from you.

miss_access does not work well in 1.1.X or 1.2beta releases up to 22
(the next beta release should have this fixed if I am not misinformed,
1.2 sure will). Only use it if a sibling misbehaves or the sibling won't
be your sibling for long.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Tue Jul 07 1998 - 14:12:34 MDT
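
The first-match behaviour described in the reply above, as an added example that is not part of the original message or of Squid's code: a small evaluator for http_access lines, run over the original and the corrected rule lists. The ACL definitions (arlocal as 10.0.0.0/8, kozak as the host 10.1.2.3 inside it) are constructed assumptions, since the post does not show them; the no-match fallback follows Squid's documented default of taking the opposite of the last rule.

```python
import ipaddress

# Constructed ACL definitions (not shown in the post): kozak is assumed to
# be a single host that also falls inside the arlocal network.
ACLS = {
    "arlocal": ipaddress.ip_network("10.0.0.0/8"),
    "kozak": ipaddress.ip_network("10.1.2.3/32"),
    "all": ipaddress.ip_network("0.0.0.0/0"),
}

ORIGINAL = """
http_access allow arlocal
http_access deny !arlocal kozak
"""

CORRECTED = """
http_access deny kozak      # Deny kozak access to the cache
http_access allow arlocal   # Allow arlocal to use the cache
http_access deny all        # Deny all else
"""

def parse(config):
    """Return [(action, [acl terms])] for each http_access line."""
    rules = []
    for line in config.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def acl_matches(term, src):
    """A term is an ACL name, optionally negated with a leading '!'."""
    hit = ipaddress.ip_address(src) in ACLS[term.lstrip("!")]
    return hit != term.startswith("!")

def decide(config, src):
    """Return (action, rule number); all terms on a line must match (AND)."""
    rules = parse(config)
    for number, (action, terms) in enumerate(rules, 1):
        if all(acl_matches(t, src) for t in terms):
            return action, number          # search stops at the first match
    # No line matched: Squid's documented default is the opposite of the last rule.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for src in ("10.1.2.3", "10.9.9.9", "192.0.2.7"):
            print(name, src, decide(cfg, src))
```

With the original order, the kozak host is allowed by rule 1 before the deny line is ever reached, and an outside address falls through to the implicit default; the corrected list closes both gaps.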
