Re: [squid-users] External ACL with tcp_outgoing_ from Henrik Nordstrom on 2003-09-07 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 7 Sep 2003 19:28:39 +0200

On Sunday 07 September 2003 16.13, squid-adm@univer.kharkov.ua wrote:

> please, tell me, can I use external ACL with "tcp_outgoing_"
> options (and with "tcp_outgoing_address" option in particular)?

Not reliably as tcp_outgoing_* is a non-blocking acl lookup and can
not wait for external lookups to complete (DNS or external_acl_type).

But if you force the acls to be evaluated in http_access then you
should get somewhat meaningful results.

To force an acl to be evaluated in http_access use a construct like
this before where you allow access

acl none src 0.0.0.0/32

acl xxx ...
http_access deny xxx none

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Sun Sep 07 2003 - 11:28:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:34 MST