From 3445a83a0598b62fc619fdef9bba0ded43ce7c33 Mon Sep 17 00:00:00 2001 From: wessels <> Date: Sat, 19 Sep 1998 03:44:16 +0000 Subject: [PATCH] From: Henrik Nordstrom Give always_direct higher precedence than never_direct. To simplify setups that are inside a firewall, which is about the only case when always_direct AND never_direct are used together. Currently every object that is always_direct allow must also be never_direct deny or the request fails. --- src/cf.data.pre | 31 +++++++++++++++++++++---------- src/peer_select.cc | 22 +++++++++++----------- 2 files changed, 32 insertions(+), 21 deletions(-) diff --git a/src/cf.data.pre b/src/cf.data.pre index db59cb9796..84e54837e0 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.111 1998/09/14 22:34:02 wessels Exp $ +# $Id: cf.data.pre,v 1.112 1998/09/18 21:44:16 wessels Exp $ # # # SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -2093,10 +2093,8 @@ DOC_START Usage: always_direct allow|deny [!]aclname ... Here you can use ACL elements to specify requests which should - ALWAYS be forwarded directly to origin servers. This option - replaces some v1.1 options such as inside_firewall, - firewall_ip, local_domain, and local_ip. For example, to - always directly forward requests for local servers use + ALWAYS be forwarded directly to origin servers. For example, + to always directly forward requests for local servers use something like: acl local-servers dstdomain my.domain.net @@ -2117,6 +2115,9 @@ DOC_START acl local-servers dstdomain foo.net always_direct deny local-external always_direct allow local-servers + + This option replaces some v1.1 options such as local_domain + and local_ip. DOC_END NAME: never_direct 
@@ -2131,15 +2132,25 @@ DOC_START With 'never_direct' you can use ACL elements to specify requests which should NEVER be forwarded directly to origin - servers. This option replaces some v1.1 options such as - inside_firewall, firewall_ip, local_domain, and local_ip. For - example, to force the use of a proxy for all requests, except - those in your local domain, use something like: + servers. For example, to force the use of a proxy for all + requests, except those in your local domain use something like: - acl local-servers dstdomain my.domain.net + acl local-servers dstdomain foo.net acl all src 0.0.0.0/0.0.0.0 never_direct deny local-servers never_direct allow all + + or if squid is inside a firewall and there is local intranet + servers inside the firewall then use something like: + + acl local-intranet dstdomain foo.net + acl local-external dstdomain external.foo.net + always_direct deny local-external + always_direct allow local-intranet + never_direct allow all + + This option replaces some v1.1 options such as inside_firewall + and firewall_ip. DOC_END NAME: fake_user_agent diff --git a/src/peer_select.cc b/src/peer_select.cc index 6ea7f183f2..368be806f4 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -1,6 +1,6 @@ /* - * $Id: peer_select.cc,v 1.82 1998/09/18 17:13:42 wessels Exp $ + * $Id: peer_select.cc,v 1.83 1998/09/18 21:44:17 wessels Exp $ * * DEBUG: section 44 Peer Selection Algorithm * AUTHOR: Duane Wessels 
@@ -262,32 +262,32 @@ peerSelectFoo(ps_state * psstate) debug(44, 3) ("peerSelectFoo: '%s %s'\n", RequestMethodStr[request->method], request->host); - if (psstate->never_direct == 0 && Config.accessList.NeverDirect) { + if (psstate->always_direct == 0 && Config.accessList.AlwaysDirect) { psstate->acl_checklist = aclChecklistCreate( - Config.accessList.NeverDirect, + Config.accessList.AlwaysDirect, request, request->client_addr, NULL, /* user agent */ NULL); /* ident */ aclNBCheck(psstate->acl_checklist, - peerCheckNeverDirectDone, + peerCheckAlwaysDirectDone, psstate); return; - } else if (psstate->never_direct > 0) { - direct = DIRECT_NO; - } else if (psstate->always_direct == 0 && Config.accessList.AlwaysDirect) { + } else if (psstate->always_direct > 0) { + direct = DIRECT_YES; + } else if (psstate->never_direct == 0 && Config.accessList.NeverDirect) { psstate->acl_checklist = aclChecklistCreate( - Config.accessList.AlwaysDirect, + Config.accessList.NeverDirect, request, request->client_addr, NULL, /* user agent */ NULL); /* ident */ aclNBCheck(psstate->acl_checklist, - peerCheckAlwaysDirectDone, + peerCheckNeverDirectDone, psstate); return; - } else if (psstate->always_direct > 0) { - direct = DIRECT_YES; + } else if (psstate->never_direct > 0) { + direct = DIRECT_NO; } else if (request->flags.loopdetect) { direct = DIRECT_YES; } else { -- 2.47.3
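Review bot: The reordered chain in peerSelectFoo makes `psstate->always_direct > 0` settle the decision before the never_direct ACL is ever created or checked, and nothing in the code records that this ordering is deliberate policy. I would add a comment above the first `if`, for example `/* always_direct is evaluated first and wins: a request it allows goes DIRECT and never_direct is not consulted */`. The ordering matters for sites that use never_direct to force traffic through a parent or firewall proxy: after this change, any request that also matches an always_direct allow rule will presumably go straight to the origin, so existing configurations with overlapping ACLs should be re-audited. The cf.data.pre text in the same patch only implies the rule through its examples and would benefit from stating it in one sentence under both directives. The function body starts and ends outside the hunk, and the two callbacks that set the flags are not visible here, so the exact values they assign are inferred.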