On Wed, 29 Jun 2005, Laurikainen, Tuukka wrote:
> That does work indeed. Why is the cache_peer needed if the web servers
> ips and names are present in the /etc/hosts?
It isn't strictly required. You could tell Squid that it it allowed to go
direct via the always_direct directive.
The reason why direct is not by default allowed in accelerators is
security. Quite many who set up accelerators do not realise the security
impacts of running a proxy as a web server and what this requires from
your access controls ("allow all" is not a good choice).
As result in Squid-3 it was selected to by default require cache_peers for
accelerators, somewhat limiting the risk that a inexperienced
administrator accidently creates an open proxy when attempting to
configure a reverse proxy.
It is all mentioned in the release notes.
> I do understand however the
> possibilities of the cache_peer like the very handy login=PASS and
> originserver options.
Also saves you from having to add the addresses in /etc/hosts, and allows
for redundant servers well managed by Squid.
Regards
Henrik
Received on Wed Jun 29 2005 - 14:06:30 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:03 MDT