Henrik Nordstrom wrote:
> On tis, 2007-10-16 at 17:27 +1300, Amos Jeffries wrote:
>
>>> The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless
>>> allowed.
>> Precisely. Simply flagging a peer as htcp is not enough to turn it on. As
>> now documented.
>
> A requesting peer needs to be allowed in
> http_access
> and
> icp_access or htcp_access if icp or htcp is used
> on the Squid server the peer is connecting to.
>
> It is not sufficient to simply add a cache_peer line to the requesting
> peer; the requested peer also needs to allow access.
>
>> You mean a visible default of both being "X_access deny !localnet" with
>> the backup default of both being "deny all"?
>
> Default-if-none being "deny all", but with a suggested uncommented
> default of "allow localnet, deny all".
>
>> Or the backup default of both being the "deny !localnet"?
>>
>> localnet also would consequently need adding to the suggested global acls.
>> Perhaps with the RFC1918 spaces as a good default for localnet.
>
> That's a good idea.
>
> Regards
> Henrik

OK.
Done for ICP, HTCP.
HTTP is slightly cleaner with the new localnet instead of a paragraph
explaining the need to set local ranges.
Left the SNMP untouched.

Amos
Received on Tue Oct 16 2007 - 07:05:40 MDT
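
The two-sided setup discussed in this thread, as an added squid.conf sketch that is not part of the original messages or of the Squid distribution. The host name proxy-b.example.net, the port choices and the proxy-a/proxy-b labels are constructed placeholders, and the fragment assumes the "all" ACL is available (built in on current Squid releases, defined with an acl line on older ones).

```conf
# ---- squid.conf on the REQUESTING peer (proxy-a, constructed) ----
# cache_peer <host> <type> <http-port> <icp-port> [options]
# With the "htcp" option the fourth field is the HTCP port and Squid
# sends HTCP queries instead of ICP to this peer.
# This line alone grants nothing: proxy-b decides whether to answer.
cache_peer proxy-b.example.net sibling 3128 4827 htcp

# ---- squid.conf on the REQUESTED peer (proxy-b, constructed) ----
# localnet = the RFC 1918 private ranges, as suggested in the thread.
# Narrow these to the networks that really hold your clients and peers.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

http_port 3128
htcp_port 4827

# Peer queries are answered for localnet only. With no icp_access or
# htcp_access lines at all, the default-if-none is "deny all", so
# proxy-a's queries would go unanswered.
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

# The object fetch that follows a hit is an ordinary HTTP request,
# so the requesting peer must also pass http_access.
http_access allow localnet
http_access deny all
```

If proxy-a's address falls outside the three localnet ranges, both the HTCP query and the follow-up HTTP fetch are refused on proxy-b, whatever proxy-a's cache_peer line says.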