
Re: Squid config file administration, maintenance and partition


 



Elli Albek wrote:
Thanks.

We are using 2.6 in the production server, apparently include is not
possible. Is there any alternative in 2.6 for splitting the config file?

E

Not in 2.6.

Amos


-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Sunday, February 01, 2009 7:27 PM
To: Elli Albek
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Squid config file administration, maintenance and partition

Hi,
I want to keep my ACLs separate from the main squid config file, so we can
upgrade squid easily without touching this file too much (hopefully).

The problem is that the user ACLs are supposed to be somewhere in the
middle of the conf file.

There are a couple of options that I was thinking about. I tried both and
got both to work as reverse proxy, however I am not really sure about the
rest of the services that may be disabled.

Option 1
In the main squid file just call my ACL. I still need to change this file,
but not much:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
include my_acl.conf

Option 2
Call my ACLs in the beginning, and then call the default squid conf file:

So my squid.conf file looks like this:
include my_acl.conf
include squid.conf.default

Option 2 seems better since I can leave the squid conf files intact.
It is also a way to run multiple instances of squid on the same box
without duplicating configuration. Each instance conf file does some instance
configuration, and then calls my ACL and the default squid ACL. Example:

access_log /var/logs/squid/instance_1/access.log squid
include my_acl.conf
include squid.conf.default
pid_filename /var/logs/squid/instance_1/squid.pid

I am not sure that option 2 is OK. It may be blocking other services that
squid uses in the default configuration (for administration and
monitoring).
Generally this is reverse proxy, so it should allow only HTTP to the
origin server and nothing more.

Is option 2 a workable solution or will it have problems working with the
default configuration?

E

Both are usable with some care.

(1) is the easier one. Several of the access controls (Safe_ports,
SSL_ports, and manager access) are provided by the default config and
usually NEED to be listed before any custom http_access lines.

(2) needs you to be extra careful and duplicate the proper order of those
controls in your own config.

Issues you will encounter with the many options 'required' settings in
squid.conf with older squid are being resolved from 3.1. So the
possibility of breakage errors is greatly reduced.

Amos




--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
  Current Beta Squid 3.1.0.4
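
The ordering issue raised in the reply above, as an added example that is not part of the original thread or of Squid itself: http_access rules are matched first-to-last, so a custom allow placed ahead of the stock manager/Safe_ports/SSL_ports denies is evaluated before them. The checker below expands `include` lines from in-memory text and lists the guards that are not in place before the first custom allow. The file contents, the `origin` ACL and the function names are constructed assumptions; DEFAULT is a short stand-in, not the full squid.conf.default.

```python
GUARDS = [("deny", ("manager",)), ("deny", ("!Safe_ports",)),
          ("deny", ("CONNECT", "!SSL_ports"))]

def flatten(name, files, seen=()):
    """Yield directives (as word lists) in effective order, expanding `include`."""
    if name in seen:
        raise ValueError("include loop at " + name)
    for raw in files[name].splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "include":
            for inc in words[1:]:
                yield from flatten(inc, files, seen + (name,))
        else:
            yield words

def http_access_rules(name, files):
    """Return [(action, acl-tuple)] for each http_access line, in match order."""
    return [(w[1], tuple(w[2:])) for w in flatten(name, files)
            if w[0] == "http_access" and len(w) >= 3]

def guards_bypassed(name, files):
    """Guards missing before the first allow rule that is not manager access."""
    rules = http_access_rules(name, files)
    first = next((i for i, (act, acls) in enumerate(rules)
                  if act == "allow" and "manager" not in acls), len(rules))
    return [g for g in GUARDS if g not in rules[:first]]

# Constructed stand-in for the stock rules (not a full squid.conf.default).
DEFAULT = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""
HEAD = DEFAULT.split("http_access deny all")[0]  # ACLs plus guard rules only
FILES = {  # constructed configs for the two options discussed in the thread
    "squid.conf.default": DEFAULT,
    "my_acl.conf": "acl origin dstdomain www.example.com\nhttp_access allow origin\n",
    "option1.conf": HEAD + "include my_acl.conf\nhttp_access deny all\n",
    "option2.conf": "include my_acl.conf\ninclude squid.conf.default\n",
    "option2_fixed.conf": HEAD + "include my_acl.conf\ninclude squid.conf.default\n",
}
```

The checker models rule order only; it does not validate ACL definitions or any other directive.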
