On 31/01/2014 5:35 p.m., Amos Jeffries wrote:
> On 31/01/2014 12:17 p.m., Alex Rousskov wrote:
>> On 01/30/2014 03:35 PM, Amos Jeffries wrote:
>>
>>> P4-b: Shall we skip the arguing and go straight to ACL driven in that
>>> format? I think it may be faster to simply write up a patch for ACLs
>>> with a default "allow all" and simply allow/deny action choice than to
>>> continue discussions around the on/off scoping. We are clearly focusing
>>> on different use-cases and error conditions being more or less
>>> subjectively important. The admin on the ground can probably get that
>>> right far better than we can anyway.
>>
>> Do you want me to add an ipv4_server and ipv6_server hard-coded ACLs?
>> They would work in contexts where the server address is known (any
>> origin server: HTTP, FTP, Gopher, etc.). I fear opening another big can
>> of worms with this! If we do not add those ACLs, how will an admin know
>> that Squid is going to talk to an IPv6 server (my definition)?

Sorry, just realized I can lay our mind to rest on that but did not.
Any time after peer selection the destination server name/FQDN/IP are known.
These ACLs for FTP are being run after the server has been connected
and traffic already exchanged. So the IP is most certainly known.
Amos
Received on Fri Jan 31 2014 - 04:38:50 MST