Re: [squid-users] Merging http_access and http_reply_access?

From: Henrik Nordstrom <[email protected]>
Date: Thu, 16 Dec 2004 01:03:40 +0100 (CET)

On Wed, 15 Dec 2004, Boniforti Flavio wrote:

> http_access allow CED UtentiAutorizzati
> http_access allow our_networks
> http_access allow localhost
> http_reply_access deny block_stream
> http_reply_access deny streaming
> http_access deny all
>
> Now, I need to allow our users to access ".rm" files which reside on a
> specific web server, which I know by its IP address.
>
> Now, I added:
>
> acl SERVER dst 12.34.56.78
>
> and was trying to figure out how to write the "access" line.
>
> http_access allow SERVER block_stream streaming

You should use

http_reply_access allow SERVER

before your http_reply_access deny ...

> My question is: is it possible (and if yes, *how*) to merge different access
> rules (http_access and http_reply_access)?

No. The two are completely separate from each other and executes at
different points in time.

http_access executes when Squid has received the request from the browser,
before it is forwarded to the web server.

http_reply_access executes when Squid has received the reply from the web
server (or cache).

Ordering is relevant within each directive only. The following
configurations are all equivalent:

http_access allow a b c
http_reply_access allod d e f
http_access allow x y z
http_reply_access allow t x z

or

http_reply_access allod d e f
http_reply_access allow t x z
http_access allow a b c
http_access allow x y z

or even

http_reply_access allod d e f
http_reply_access allow t x z
http_access allow a b c
http_access allow x y z

Regards
Henrik
Received on Wed Dec 15 2004 - 17:03:42 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST