Re: [squid-users] Squid marks alive siblings as dead. from Henrik Nordstrom on 2007-10-16 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 16 Oct 2007 11:31:06 +0200

On tis, 2007-10-16 at 17:27 +1300, Amos Jeffries wrote:

> > The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless
> > allowed.
>
> precisely. Simply flagging a peer as htcp is not enough to turn it on. As
> now documented.

A requesting peer needs to be allowed by in
http_access
and
icp_access or htcp_access if icp or htcp is used
on the Squid server the peer is connecting to.

It is not sufficient to simply add a cache_peer line to the requesting
peer, the requested peer also needs to allow access.

> You mean a visible default of both being "X_access deny !localnet" with
> the backup default of both being "deny all"?

Default-if-none being "deny all", but with a suggested uncommented
default of "allow localnet, deny all".

> Or the backup default of both being the "deny !localnet"?
>
> localnet also would consequently need adding to the suggested global acls.
> Perhapse with the RFC1918 spaces as a good default for localnet.

That's a good idea.

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Tue Oct 16 2007 - 03:31:12 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT