Hi,
I want to keep my ACLs separate form the main squid config file, so we can
upgrade squid easily without touching this file too much (hopefully).
The problem is that the user ACLs are supposed to be somewhere in the middle
of the conf file.
There are a couple of options that I was thinking about. I tried both and
got both to work as reverse proxy, however I am not really sure about the
rest of the services that may be disabled.
Option 1
In the main squid file just call my ACL. I still need to change this file,
but not much:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
include my_acl.conf
Option 2
Call my ACLs in the beginning, and then call the default squid conf file:
So my squid.conf file looks like this:
include my_acl.conf
include squid.conf.default
Option 2 seems better since I can leave the quid conf files intact.
It is also a way to run multiple instances of squid on the same box without
duplicating configuration. Each instance conf file does some instance
configuration, and then calls my ACL and the default squid ACL. Example:
access_log /var/logs/squid/instance_1/access.log squid
include my_acl.conf
include squid.conf.default
pid_filename /var/logs/squid/instance_1/squid.pid
I am not sure that option 2 is OK. It may be blocking other services that
squid uses in the default configuration (for administration and monitoring).
Generally this is reverse proxy, so it should allow only HTTP to the origin
server and nothing more.
Is option 2 a workable solution or will it have problems working with the
default configuration?
E
Received on Mon Feb 02 2009 - 03:04:06 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 02 2009 - 12:00:03 MST