Yep, though WCCP v2 has better security features.
But the simplest path (and one that works in v1) is to simply prevent
packets from talking to the Cisco on the WCCP port unless they are your
web caches. Hijacking traffic would be trivial without such a rule.
That said, any cache that is allowed to be in the pool can become
supervisor. "Elections" are held to decide who becomes the boss. Squid
just takes the lowest IP cache and calls him the boss, I seem to recall.
Not very interesting, but since Squid doesn't know about weighting or
anything of that sort, it doesn't hurt to do it that way.
Henrik Nordstrom wrote:
> On Saturday 22 June 2002 05.21, Joe Cooper wrote:
>
>
>>That is all that is needed on the Cisco. Squid will notify the
>>router of its existence (just remember that the cache is the
>>supervisor in this relationship, and things become clearer).
>
>
> I assmune an acl can be set up on the router to control which caches
> that may become "supervisors"?
>
> Regards
> Henrik
-- Joe Cooper <joe@swelltech.com> Web caching appliances and support. http://www.swelltech.comReceived on Sat Jun 22 2002 - 10:50:10 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:46 MST