G'day Mark!
On Feb 18, 10:08am, Mark Eldridge wrote:
> Subject: Controlling neighbour access
> I'd like to be able to control which objects on our cache our neighbours
> have access to. If our organisation's internal documents are cached then
> it is possible that our neighbours could access these documents, bypassing
> any security that may be in place on the end web server.
You can add cache_stoplist cgi-bin ? .csiro.au
your cache will now NOT have any csiro.au documents in it to serve to
neighbours.
> The trusting method (for the perfect world) is to ask the neighbours to
> put a 'cache_host_domain proxy.csiro.au !.csiro.au' statement in their
> configs. This is also more efficient.
Hmmm ... no need for this.
> Neither of these methods work. What am I doing wrong?
If you don't need your cache to cache your own objects, just use
cache_stoplist.
> Also, how much is negotiated between neighbours? Can neighbours swap the
> access lists that relate to each other and vary their requests
> accordingly? ie. If neighbour1 won't feed certain objects to neighbour2,
> there's not much point in neighbour2 requesting them.
A cache will keep requesting objects unless the other cache is down, or it is
denying access to everything to the requesting cache.
Later
Ed
-- Ed Knowles aka Jasper Phone : +61 2 9385 4962 E-mail: ed@fatboy.geog.unsw.edu.au Fax : +61 2 9313 7878 What I lack in morals I make up for in principles.Received on Mon Feb 17 1997 - 20:33:08 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:29 MST