lör 2006-04-01 klockan 11:21 -0800 skrev Discussion Lists: > I set up a reverse proxy using squid 3.0. It works fine actually, but I > wanted to run the config by you all to be sure I wasn't missing anything > important. In particular, I am worried about commenting out the > http_access deny all. I added an "allow all" setting, but I was > wondering if there was a better way, and also if I am doing the below > stuff correctly as well. Here's my setup: > > always_direct allow all Don't do this in squid-3 accelerators. Instead use the cache_peer directive to tell Squid-3 where the origin server is. This gives you much better control over how Squid routes the requests. Note: The reason why Squid-3 does not allow direct by default on accelerated content is the security concerns raised earlier. By default requiring the use of a configured peer for accelerated content the risk that the accelerator becomes an open proxy by simple access control error (i.e. allow all) is minimized. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
