Re: [squid-users] src and dst difference

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Thu, 30 Aug 2001 10:21:37 +1000 (EST)

Hi,

On Wed, 29 Aug 2001 plendon@microelectronics.com wrote:

> Hi all,
>
> I understand "src". I use src acl's to allow/deny ip addresses.
> ex. acl mis_net src xx.xx.xx.x/255.255.255.0
>
> I've read the faqs and any archive with "dst".
>
> Can someone please explain the differences of src and dst?
> When would I ever use or need dst?
> I'm not clear on dst.

"src" is matched against the ip address of the system making the
connection to your squid proxy.

"dst" is matched against the ip address of the destination in the
HTTP request made to your proxy.

For example (assume my host ip = 192.168.1.1)

acl mynet src 192.168.1.0/255.255.255.0
acl myintranet dst intranet.my.domain

I connect to proxy. If there is a rule (eg, http_access) using acl
"mynet", then the netmask from "mynet" will be applied to the ip address
of the connecting host (eg: 192.168.1.1 AND 255.255.255.0) and the
result (192.168.1.0) is compared against the address (192.168.1.0) in acl
"mynet" (in this case it matches).

Now, suppose my browser wants to connect to intranet.my.domain. It asks
the proxy to connect to "intranet.my.domain". If there are any rules (eg
http_access, always_direct, never_direct) using acl "myintranet", the
proxy will compare the requested destination with "myintranet" and then
take the action specified by the rule depending on whether there's a match
or not.

I would guess "src" is mostly used in acls for controlling access (eg
http_access) while "dst" is mostly used in always_direct and never_direct
configurations.

Colin
Received on Wed Aug 29 2001 - 18:22:35 MDT
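
Added example, not part of the original post and not Squid's own code: a simplified Python model of the matching described above, where "src" masks the connecting client's address and "dst" masks the resolved address of the requested host. The DNS table, the "all" acl, the http_access/always_direct lines and the function names are constructed assumptions; only the "mynet" and "myintranet" acl lines come from the post.

```python
import ipaddress

# Constructed squid.conf fragment and DNS table (assumed values, so this runs offline).
CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl mynet src 192.168.1.0/255.255.255.0
acl myintranet dst intranet.my.domain
http_access allow mynet
http_access deny all
always_direct allow myintranet
"""
FAKE_DNS = {"intranet.my.domain": "10.0.0.5", "www.example.com": "203.0.113.80"}

def resolve(host):
    """Map a hostname or dotted quad to an integer address; None if unresolvable."""
    try:
        return int(ipaddress.IPv4Address(FAKE_DNS.get(host, host)))
    except ValueError:
        return None

def load(conf):
    """Return (acls, rules): acls[name] = (type, network, mask); rules[directive] = list."""
    acls, rules = {}, {}
    for words in (line.split() for line in conf.splitlines() if line.strip()):
        if words[0] == "acl":
            addr, _, mask = words[3].partition("/")
            mask = resolve(mask or "255.255.255.255")   # no mask means a single host
            acls[words[1]] = (words[2], resolve(addr) & mask, mask)
        else:  # e.g. http_access / always_direct: action followed by acl names
            rules.setdefault(words[0], []).append((words[1], words[2:]))
    return acls, rules

def matches(acl, client_ip, request_host):
    """src tests the connecting client; dst tests the requested destination."""
    kind, network, mask = acl
    subject = resolve(client_ip if kind == "src" else request_host)
    return subject is not None and (subject & mask) == network

def decide(conf, directive, client_ip, request_host):
    """First rule whose acls all match wins; None if no rule matched."""
    acls, rules = load(conf)
    for action, names in rules.get(directive, []):
        if all(matches(acls[n], client_ip, request_host) for n in names):
            return action
    return None
```
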
