From: Amos Jeffries Date: Tue, 23 Aug 2011 12:23:33 +0000 (+1200) Subject: Optimize: miss_access absent from config is allow X-Git-Tag: take08~43^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8a25eaaf93dbbe66862d85963cbc68833eda344;p=thirdparty%2Fsquid.git Optimize: miss_access absent from config is allow --- diff --git a/src/cf.data.pre b/src/cf.data.pre index f5fcdcaf87..1c1555cf82 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -632,6 +632,10 @@ NAME: acl TYPE: acl LOC: Config.aclList DEFAULT: all src all +DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ +DEFAULT: localhost src 127.0.0.1/32 ::1 +DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 +DEFAULT_DOC: ACLs all, manager, localhost, and to_localhost are predefined. DOC_START Defining an Access List @@ -862,9 +866,6 @@ NOCOMMENT_START # # Recommended minimum configuration: # -acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/ -acl localhost src 127.0.0.1/32 ::1 -acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing @@ -1163,7 +1164,7 @@ DOC_END NAME: miss_access TYPE: acl_access LOC: Config.accessList.miss -DEFAULT: allow all +DEFAULT: none DOC_START Use to force your neighbors to use you as a sibling instead of a parent. For example: diff --git a/src/tunnel.cc b/src/tunnel.cc index 0114c78466..5d3ec0331d 100644 --- a/src/tunnel.cc +++ b/src/tunnel.cc @@ -616,7 +616,7 @@ tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr) * be allowed. yuck, I know. */ - if (!request->client_addr.IsNoAddr() && Config.accessList.miss) { + if (Config.accessList.miss && !request->client_addr.IsNoAddr()) { /* * Check if this host is allowed to fetch MISSES from us (miss_access) * default is to allow.