lör 2006-04-01 klockan 11:21 -0800 skrev Discussion Lists:
> I set up a reverse proxy using squid 3.0. It works fine actually, but I
> wanted to run the config by you all to be sure I wasn't missing anything
> important. In particular, I am worried about commenting out the
> http_access deny all. I added an "allow all" setting, but I was
> wondering if there was a better way, and also if I am doing the below
> stuff correctly as well. Here's my setup:
>
> always_direct allow all
Don't do this in squid-3 accelerators. Instead use the cache_peer
directive to tell Squid-3 where the origin server is. This gives you
much better control over how Squid routes the requests.
Note: The reason why Squid-3 does not allow direct by default on
accelerated content is the security concerns raised earlier. By default
requiring the use of a configured peer for accelerated content the risk
that the accelerator becomes an open proxy by simple access control
error (i.e. allow all) is minimized.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT