Re: [squid-users] Can only GET with never_direct deny

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 13 Jun 2002 13:28:15 +0200

You probably want

always_direct allow localnet
never_direct allow all

A big difference between GET/POST is that GET will always use your
parents unless overridden by always_direct, and POST will never use
your parents unless forced by never_direct..

GET is usually seen as a cacheable request
POST is never seen as a cacheable request

Squid by default only uses parents on requests where it thinks the
result may be cached.

Note: The default setting is equivalent to
always_direct deny all
never_direct deny all

Which says that Squid is not forced to go direct on any requests, and
not forced to use parents on any requests, allowing Squid to pick
what it feels is most suitable for the request in question.

Regards
Henrik

On Thursday 13 June 2002 12:51, Francis Turner wrote:
> USING 2.4STABLE6
>
> This is weird, I can HTTP_GET but not HTTP_POST when I use
> never_direct deny A.B.C.D/255.255.255.0
>
> On the other hand HTTP_POST works if I replace with
> never_direct allow all
>
> The same applies to SSL (i.e. behaves like HTTP_POST).
>
> Is this a bug or a config issue? (relevant squid.conf bits below)
>
> Francis
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl localnet src 10.1.1.0/255.255.255.0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access deny all
>
>
> cache_peer 195.126.5.204 parent 8080 3130 default no-query
> #never_direct deny localhost
> never_direct deny localnet
> #never_direct allow all
Received on Thu Jun 13 2002 - 05:53:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:40 MST