On Fri, Sep 6, 2013 at 5:08 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > It does indeed. You are not checking the external_acl_type helper early > enough in the request processing sequence. > > clientside_tos directive is processed and TOS selected before the request > upstream destination is selected. > always_direct is part of that upstream destination selectino processing > which follows. > > You can test it in http_access like this before allowing traffic: > http_access deny router !all > > this runs the helper lookup but !all is an impossible match and prevents the > deny action happening. > > Alternatively, you can just stick 'router' ACL test on the end of your allow > http_access lines. OK. Got it working. Thanx! Best, Niki
