On tis, 2007-10-16 at 16:32 +1300, Amos Jeffries wrote:
> I've looked at the code and I think this is caused as a side-effect of
> "DEFAULT_IF_NONE: deny all" (@src/cf.data.pre:715) denying the initial
> peer query (@src/htcp.cc:1236) when no other htcp_access are defined but
> a peer is htcp_only.
Looking. Looks fine. What was the original complaint again? I thought
you had to htcp_access the peer you requested, not the requesting peer..
The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless
allowed.
> I've already updated the .conf docs to clearly point out the htcp_access
> needs to be explicitly configured for htcp peers.
Just as icp_access needs to be configured for icp peers...
The difference between the two is that the suggested configuration of
icp_access has an "icp_access allow all" overriding the default, while
htcp_access has the same in a comment only. Personally I consider having
icp_access allow all a mistake and that the htcp style is better, but
both should be changed to have an acl listing the trusted networks
rather than "all".
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT