Re: [squid-users] 2 squid server in different network (Urgent)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 25 Feb 2004 14:30:48 +0100 (CET)

On Wed, 25 Feb 2004, Muthukumar wrote:

> If the squid is going to handle ip-addresses which are in the particular
> network (172.16.1.0).And it is not going to handle other requests means,
> then what is the difference between
>
> 0.0.0.0/0 and 172.16.1.0/255.255.255.0

The difference is that the "all" ACL is assumed to always be true by
the default setting of several of the squid.conf directives.

Many of these directives have a default of "deny all", and if you redefine
"all" to something else this becomes "allow all except your own users".
Most notably this makes a significant difference in the icp_access and
snmp_access directives.

It is also very important for the default recommendation of ending your
http_access rule with a

http_access deny all

to deny all other accesses to the proxy. If you redefine the "all" acl
this makes the above mean the complete opposite, allowing everyone else
access to use the proxy which quickly leads to disaster.

Regards
Henrik
Received on Wed Feb 25 2004 - 06:32:27 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST