Re: [squid-users] organization squid.conf

From: Riccardo Castellani <ric.castellani_at_alice.it>
Date: Sat, 20 Jun 2009 09:56:45 +0200

> Neither. Look at what the requirements are for each and create logical
> groupigs that do not interfere with each other and in order configured do
> what your policy requires.
>
> Also, be extremely careful about http_reply_access.
> It's often over-blocked by using rules that duplicate http_access. This
> can either prevent access denied pages getting out to bad viewers, or
> cause extra useless load.
> Only use it to filter requests that cannot be checked earlier in
> http_access.
>
>
> Amos

Ok I can looking for requirements for all my acl, but what means creating
logical groups ?
It means that group can contain both acl and directives ?

I thought acl should be next to directive where it's used so there is more
cleaning. What do you think ?

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: "Riccardo Castellani" <r.castellani_at_usl6.toscana.it>
Cc: <squid-users_at_squid-cache.org>
Sent: Wednesday, June 17, 2009 5:21 PM
Subject: Re: [squid-users] organization squid.conf

> Riccardo Castellani wrote:
>> What do you suggest to prepare a clean squid.conf ?
>> I have many many ACL which I use in these directive:
>>
>> no_cache deny
>
> change #1:
> no_cache deny X
> to:
> cache deny X
>
> no_cache is an obsolete option name.
>
>> http_access deny
>> http_access allow
>>
>>
>> 1- To collect ACL all together or I can insert specific ACL groups next
>> to
>> directives where they are used, e.g.
>>
>>
>> Acl A...
>> Acl B...
>> Acl C...
>> no_cache deny A
>> no_cache deny B
>> no_cache deny C
>>
>> Acl E...
>> Acl F..
>> Acl G...
>> http_access allow E
>> http_access allow F
>> http_access allow G
>>
>> Acl H...
>> Acl I..
>> Acl L...
>> http_reply_access allow H
>> http_reply_access allow I
>> http_reply_access deny L
>>
>
> Neither. Look at what the requirements are for each and create logical
> groupigs that do not interfere with each other and in order configured do
> what your policy requires.
>
> Also, be extremely careful about http_reply_access.
> It's often over-blocked by using rules that duplicate http_access. This
> can either prevent access denied pages getting out to bad viewers, or
> cause extra useless load.
> Only use it to filter requests that cannot be checked earlier in
> http_access.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
> Current Beta Squid 3.1.0.8
Received on Sat Jun 20 2009 - 07:56:56 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 20 2009 - 12:00:03 MDT