Re: [squid-users] organization squid.conf

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Jun 2009 03:21:14 +1200

Riccardo Castellani wrote:
> What do you suggest to prepare a clean squid.conf ?
> I have many many ACL which I use in these directive:
>
> no_cache deny

change #1:
   no_cache deny X
to:
   cache deny X

no_cache is an obsolete option name.

> http_access deny
> http_access allow
>
>
> 1- To collect ACL all together or I can insert specific ACL groups next to
> directives where they are used, e.g.
>
>
> Acl A...
> Acl B...
> Acl C...
> no_cache deny A
> no_cache deny B
> no_cache deny C
>
> Acl E...
> Acl F..
> Acl G...
> http_access allow E
> http_access allow F
> http_access allow G
>
> Acl H...
> Acl I..
> Acl L...
> http_reply_access allow H
> http_reply_access allow I
> http_reply_access deny L
>

Neither. Look at what the requirements are for each and create logical
groupigs that do not interfere with each other and in order configured
do what your policy requires.

Also, be extremely careful about http_reply_access.
  It's often over-blocked by using rules that duplicate http_access.
This can either prevent access denied pages getting out to bad viewers,
or cause extra useless load.
Only use it to filter requests that cannot be checked earlier in
http_access.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.8
Received on Wed Jun 17 2009 - 15:21:21 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 20 2009 - 12:00:03 MDT