On Wed, 29 Jun 2005, Laurikainen, Tuukka wrote:
That does work indeed. Why is the cache_peer needed if the web servers ips and names are present in the /etc/hosts?
It isn't strictly required. You could tell Squid that it it allowed to go direct via the always_direct directive.
The reason why direct is not by default allowed in accelerators is security. Quite many who set up accelerators do not realise the security impacts of running a proxy as a web server and what this requires from your access controls ("allow all" is not a good choice).
As result in Squid-3 it was selected to by default require cache_peers for accelerators, somewhat limiting the risk that a inexperienced administrator accidently creates an open proxy when attempting to configure a reverse proxy.
It is all mentioned in the release notes.
I do understand however the possibilities of the cache_peer like the very handy login=PASS and originserver options.
Also saves you from having to add the addresses in /etc/hosts, and allows for redundant servers well managed by Squid.
Regards Henrik
