Search squid archive

Re: Sequence of http_access rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>
>
> Jaap Cammeraat escreveu:
>> Thx!
>> And what is the best way...
>>
>
>     There's no best way .... there's the way that met your criterias.
>
>     You have to arrange the http_access rules to met your criterias,
> there's no hints or tips about that. That's just your criterias and
> logical order of the rules.

There are several bad ways though. With varying degrees of security.

In general I advise an order that blocks first, allows later. Using the
broadest criteria and fastest ACL types early and the fine tuning detail
ones later.

Things along the lines of:

 1) block relaying of all external requests (if possible)
 2) allowing local machines with unlimited access
 3) general allow authentications
 4) other specific complicated denials
 5) other complicated allows
 6) "deny all"

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux