From: wessels <> Date: Sat, 14 Feb 1998 05:57:43 +0000 (+0000) Subject: fill in never/always_direct comments X-Git-Tag: SQUID_3_0_PRE1~4085 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a78fa6733d2f68fe0954ac44a19ddc6a2ac8c7d;p=thirdparty%2Fsquid.git fill in never/always_direct comments --- diff --git a/src/cf.data.pre b/src/cf.data.pre index f7fdf8bf5d..00056c077f 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -758,25 +758,6 @@ COMMENT_START ----------------------------------------------------------------------------- COMMENT_END -# TAG: ftpget_program -# Where to find the 'ftpget' program that retrieves FTP data (HTTP -# and Gopher protocol support are built into the cache). -# -# To disable ftpget and the ability to retrieve FTP objects, set -# this to "none". Note that ftpget is automatically disabled for -# http_accel mode. -# -#ftpget_program @DEFAULT_FTPGET@ - -# TAG: ftpget_options -# Options for the 'ftpget' program. Please run 'ftpget' without -# any arguments to see a list of options. The default is -# no options. An example is -# -# ftpget_options -n 60 -R -W -# -#ftpget_options - NAME: ftp_user TYPE: string DEFAULT: Squid@ @@ -1864,7 +1845,33 @@ TYPE: acl_access LOC: Config.accessList.AlwaysDirect DEFAULT: none DOC_START - XXX need docs + Usage: always_direct allow|deny [!]aclname ... + + Here you can use ACL elements to specify requests which should + ALWAYS be forwarded directly to origin servers. This option + replaces some v1.1 options such as inside_firewall, + firewall_ip, local_domain, and local_ip. For example, to + always directly forward requests for local servers use + something like: + + acl local-servers dstdomain my.domain.net + always_direct allow local-servers + + To always forward FTP requests directly, use + + acl FTP proto FTP + always_direct allow FTP + + NOTE: There is a similar, but opposite option named + 'never_direct'. You need to be aware that "always_direct deny + foo" is NOT the same thing as "never_direct allow foo". You + may need to use a deny rule to exclude a more-specific case of + some other rule. Example: + + acl local-external dstdomain external.foo.net + acl local-servers dstdomain foo.net + always_direct deny local-external + always_direct allow local-servers DOC_END NAME: never_direct @@ -1872,15 +1879,23 @@ TYPE: acl_access LOC: Config.accessList.NeverDirect DEFAULT: none DOC_START - XXX need docs -DOC_END + Usage: never_direct allow|deny [!]aclname ... + + never_direct is the opposite of always_direct. Please read + the description for always_direct if you have not already. -#NAME: proxy_auth_ignore -#TYPE: regexplist_icase -#LOC: Config.proxyAuth.IgnoreDomains -#DOC_START -# XXX need docs -#DOC_END + With 'never_direct' you can use ACL elements to specify + requests which should NEVER be forwarded directly to origin + servers. This option replaces some v1.1 options such as + inside_firewall, firewall_ip, local_domain, and local_ip. For + example, to force the use of a proxy for all requests, except + those in your local domain, use something like: + + acl local-servers dstdomain my.domain.net + acl all src 0.0.0.0/0.0.0.0 + never_direct deny local-servers + never_direct allow all +DOC_END NAME: fake_user_agent TYPE: eol