Henrik Nordstrom wrote:
On tis, 2007-10-16 at 17:27 +1300, Amos Jeffries wrote:

The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless
allowed.
Precisely. Simply flagging a peer as htcp is not enough to turn it on. As
now documented.

A requesting peer needs to be allowed in http_access and icp_access or
htcp_access (if icp or htcp is used) on the Squid server the peer is
connecting to.

It is not sufficient to simply add a cache_peer line to the requesting
peer; the requested peer also needs to allow access.

You mean a visible default of both being "X_access deny !localnet" with
the backup default of both being "deny all"?

Default-if-none being "deny all", but with a suggested uncommented
default of "allow localnet, deny all".

Or the backup default of both being the "deny !localnet"?

localnet also would consequently need adding to the suggested global acls.
Perhaps with the RFC1918 spaces as a good default for localnet.

That's a good idea.

Regards
Henrik

OK.
Done for ICP, HTCP.
HTTP is slightly cleaner with the new localnet instead of a paragraph explaining the need to set local ranges.
Left the SNMP untouched.

Amos
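
The access rules discussed in this thread can be checked with a small evaluator. This is an added example, not part of the original messages and not Squid's own code: the sample squid.conf is constructed, and the function names `parse`, `allowed` and `peer_usable` are hypothetical. It handles only `src` ACLs with IPv4 ranges.

```python
import ipaddress

# Constructed squid.conf of the *responding* server (sample, not from the thread).
SAMPLE_CONF = """
acl all src 0.0.0.0/0
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
# no htcp_access lines at all: the default-if-none "deny all" applies
"""

DIRECTIVES = ("http_access", "icp_access", "htcp_access")

def parse(conf):
    """Return (src ACLs by name, ordered rules per access directive)."""
    acls, rules = {}, {d: [] for d in DIRECTIVES}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(map(ipaddress.ip_network, tok[3:]))
        elif len(tok) >= 3 and tok[0] in rules:
            rules[tok[0]].append((tok[1] == "allow", tok[2:]))
    return acls, rules

def allowed(conf, directive, peer_ip):
    """First matching line wins; every ACL named on a line must match."""
    acls, rules = parse(conf)
    addr = ipaddress.ip_address(peer_ip)
    def hit(name):  # "!name" negates the ACL
        inside = any(addr in net for net in acls[name.lstrip("!")])
        return inside != name.startswith("!")
    for allow, names in rules[directive]:
        if all(hit(n) for n in names):
            return allow
    if not rules[directive]:
        return False  # default-if-none is "deny all", as stated in the thread
    # Fall-through: opposite of the last line (documented for http_access,
    # assumed here to hold for icp_access and htcp_access as well).
    return not rules[directive][-1][0]

def peer_usable(conf, peer_ip, proto):
    """A requesting peer needs http_access AND the access list of its query protocol."""
    return allowed(conf, "http_access", peer_ip) and allowed(conf, f"{proto}_access", peer_ip)
```

With the sample configuration, a peer at 192.168.1.20 is usable over ICP but not over HTCP, because the responding server has no htcp_access line allowing it.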
