Thank you VERY much for this. Greatly appreciated! > -----Original Message----- > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > Sent: Tuesday, April 04, 2006 1:27 PM > To: Discussion Lists > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Simple port 80 squid reverse-proxy question > > > lör 2006-04-01 klockan 11:21 -0800 skrev Discussion Lists: > > > I set up a reverse proxy using squid 3.0. It works fine > actually, but > > I wanted to run the config by you all to be sure I wasn't missing > > anything important. In particular, I am worried about > commenting out > > the http_access deny all. I added an "allow all" setting, > but I was > > wondering if there was a better way, and also if I am doing > the below > > stuff correctly as well. Here's my setup: > > > > always_direct allow all > > Don't do this in squid-3 accelerators. Instead use the > cache_peer directive to tell Squid-3 where the origin server > is. This gives you much better control over how Squid routes > the requests. > > Note: The reason why Squid-3 does not allow direct by default > on accelerated content is the security concerns raised > earlier. By default requiring the use of a configured peer > for accelerated content the risk that the accelerator becomes > an open proxy by simple access control error (i.e. allow all) > is minimized. > > Regards > Henrik >
