Re: Controlling neighbour access

From: Ed Knowles <ed@dont-contact.us>
Date: Tue, 18 Feb 1997 15:21:33 -0400

G'day Mark!

On Feb 18, 10:08am, Mark Eldridge wrote:
> Subject: Controlling neighbour access
> I'd like to be able to control which objects on our cache our neighbours
> have access to. If our organisation's internal documents are cached then
> it is possible that our neighbours could access these documents, bypassing
> any security that may be in place on the end web server.

You can add cache_stoplist cgi-bin ? .csiro.au

your cache will now NOT have any csiro.au documents in it to serve to
neighbours.

> The trusting method (for the perfect world) is to ask the neighbours to
> put a 'cache_host_domain proxy.csiro.au !.csiro.au' statement in their
> configs. This is also more efficient.

Hmmm ... no need for this.

> Neither of these methods work. What am I doing wrong?

If you don't need your cache to cache your own objects, just use
cache_stoplist.

> Also, how much is negotiated between neighbours? Can neighbours swap the
> access lists that relate to each other and vary their requests
> accordingly? ie. If neighbour1 won't feed certain objects to neighbour2,
> there's not much point in neighbour2 requesting them.

A cache will keep requesting objects unless the other cache is down, or it is
denying access to everything to the requesting cache.

Later
Ed

-- 
Ed Knowles aka Jasper				   Phone : +61 2 9385 4962
E-mail: ed@fatboy.geog.unsw.edu.au	           Fax   : +61 2 9313 7878
            What I lack in morals I make up for in principles.
Received on Mon Feb 17 1997 - 20:33:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:29 MST