Juan Carlos Castro y Castro wrote:
> What bad can happen in this case? Doesn't squid refuse the connection
> request instantly if it comes from an acl-forbidden address?
ACL processing occurs rather late in the processing of requests, after
requests have been decoded and a number of other things which occur
prior to contacting the next hop. Also Squid ACL processing is fairly
complex by nature. Compared to the average code used in a firewall Squid
is huge with theoretically much more opportunities for errors,
especially if you add to the fact that firewall code is usually
througtfully audited, while Squid is not.
-- Henrik Nordstrom Spare time Squid hackerReceived on Tue Mar 23 1999 - 17:28:22 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:23 MST