RE: [squid-users] Simple port 80 squid reverse-proxy question

Thank you VERY much for this. Greatly appreciated!

> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Sent: Tuesday, April 04, 2006 1:27 PM
> To: Discussion Lists
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Simple port 80 squid reverse-proxy question
>
>
> lör 2006-04-01 klockan 11:21 -0800 skrev Discussion Lists:
>
> > I set up a reverse proxy using squid 3.0. It works fine
> actually, but
> > I wanted to run the config by you all to be sure I wasn't missing
> > anything important. In particular, I am worried about
> commenting out
> > the http_access deny all. I added an "allow all" setting,
> but I was
> > wondering if there was a better way, and also if I am doing
> the below
> > stuff correctly as well. Here's my setup:
> >
> > always_direct allow all
>
> Don't do this in squid-3 accelerators. Instead use the
> cache_peer directive to tell Squid-3 where the origin server
> is. This gives you much better control over how Squid routes
> the requests.
>
> Note: The reason why Squid-3 does not allow direct by default
> on accelerated content is the security concerns raised
> earlier. By default requiring the use of a configured peer
> for accelerated content the risk that the accelerator becomes
> an open proxy by simple access control error (i.e. allow all)
> is minimized.
>
> Regards
> Henrik
>
Received on Tue Apr 04 2006 - 22:30:49 MDT