Re: [squid-users] Change ERR_CANNOT_FORWARD timeout

From: Amos Jeffries <>
Date: Wed, 21 Nov 2012 13:40:23 +1300

On 21.11.2012 13:29, Paul Ch wrote:
> Thanks for the reply.
> I have been denying access using cache_peer_access deny rather than
> 'http_access deny'.
> cache_peer_access test allow sites_test allowable
> cache_peer_access test allow sites_test othersallowed
> cache_peer_access test deny publicall
> Should I be switching to http_access rather than cache_peer_access?

You should be using both.

  http_access determines whether Squid is granting permission for the
clients request to be handled *at all*. Checked for all received

  cache_peer_access is only granting permission to deliver a request to
that single upstream peer. May (or not) be checked for any given MISS or
revalidation request.

The way you described the requirements was that *no* service was to be
granted outside business hours (http_access denial). If you have some
services that continue running while others are rejected that is a
different set of requirements (cache_peer_access denial).

Received on Wed Nov 21 2012 - 00:40:25 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 21 2012 - 12:00:04 MST