On 21.11.2012 13:29, Paul Ch wrote:
> Thanks for the reply.
>
> I have been denying access using cache_peer_access deny rather than
> 'http_access deny'.
>
> cache_peer_access test allow sites_test allowable
> cache_peer_access test allow sites_test othersallowed
> cache_peer_access test deny publicall
>
> Should I be switching to http_access rather than cache_peer_access?
You should be using both.
http_access determines whether Squid is granting permission for the
clients request to be handled *at all*. Checked for all received
requests.
cache_peer_access is only granting permission to deliver a request to
that single upstream peer. May (or not) be checked for any given MISS or
revalidation request.
The way you described the requirements was that *no* service was to be
granted outside business hours (http_access denial). If you have some
services that continue running while others are rejected that is a
different set of requirements (cache_peer_access denial).
Amos
Received on Wed Nov 21 2012 - 00:40:25 MST
This archive was generated by hypermail 2.2.0 : Wed Nov 21 2012 - 12:00:04 MST