On 04/13/2017 09:58 AM, Yuri Voinov wrote: > 13.04.2017 21:14, Dan Purgert пишет: >> How would a "built-in default" alter an existing setup? I mean, in >> every other instance that I can think of, if the config file includes >> the directive, the config file's version overrides the default ... > This is normal behaviour. System administrator should have possibility > to override ANY default. That much is understood. What is not yet clear are the exact conditions under which those defaults disappear. This is one of the two primary questions the RFC does not answer yet (the other one being what exactly this change is actually trying to accomplish). "Normally", foo_bar defaults disappear at the first sign of an explicit foo_bar rule in squid.conf. However, that will probably defeat the (unspecified) purpose of supporting http_access defaults because every Squid needs non-default http_access rules! The suspected uselessness of "normal" behavior is exactly why those two questions must be answered in the updated version of the RFC. My earlier response sketched one way to add http_access defaults that do not disappear so easily that they become useless (see deny_unsafe_ports), but that idea has its own serious flaws. The "many folks misconfigure access rules" problem may not have a good solution (under Squid control); we should be careful not to make things worse while not solving the unsolvable problem. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
