On tis, 2007-10-16 at 17:27 +1300, Amos Jeffries wrote: > > The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless > > allowed. > > precisely. Simply flagging a peer as htcp is not enough to turn it on. As > now documented.
A requesting peer needs to be allowed by in http_access and icp_access or htcp_access if icp or htcp is used on the Squid server the peer is connecting to. It is not sufficient to simply add a cache_peer line to the requesting peer, the requested peer also needs to allow access. > You mean a visible default of both being "X_access deny !localnet" with > the backup default of both being "deny all"? Default-if-none being "deny all", but with a suggested uncommented default of "allow localnet, deny all". > Or the backup default of both being the "deny !localnet"? > > localnet also would consequently need adding to the suggested global acls. > Perhapse with the RFC1918 spaces as a good default for localnet. That's a good idea. Regards Henrik
signature.asc
Description: This is a digitally signed message part
