Optimize: miss_access absent from config is allow

diff --git a/src/cf.data.pre b/src/cf.data.pre
index f5fcdcaf8706451fc2552fad556d5a2d632c37f7..1c1555cf82769de4fc3f8ef0b61d11dd15c808d3 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -632,6 +632,10 @@ NAME: acl
 TYPE: acl
 LOC: Config.aclList
 DEFAULT: all src all
+DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
+DEFAULT: localhost src 127.0.0.1/32 ::1
+DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined.
 DOC_START
        Defining an Access List
 
@@ -862,9 +866,6 @@ NOCOMMENT_START
 #
 # Recommended minimum configuration:
 #
-acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
-acl localhost src 127.0.0.1/32 ::1
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
@@ -1163,7 +1164,7 @@ DOC_END
 NAME: miss_access
 TYPE: acl_access
 LOC: Config.accessList.miss
-DEFAULT: allow all
+DEFAULT: none
 DOC_START
        Use to force your neighbors to use you as a sibling instead of
        a parent.  For example:

diff --git a/src/tunnel.cc b/src/tunnel.cc
index 0114c7846659a91eac5b46d3499faf557b27090e..5d3ec0331d02ebba3cb5a0cf055963cbd0374a04 100644 (file)
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -616,7 +616,7 @@ tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr)
      * be allowed.  yuck, I know.
      */
 
-    if (!request->client_addr.IsNoAddr() && Config.accessList.miss) {
+    if (Config.accessList.miss && !request->client_addr.IsNoAddr()) {
         /*
          * Check if this host is allowed to fetch MISSES from us (miss_access)
          * default is to allow.