Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 02-16-2005, 02:00 PM   #1
LQ Newbie
Registered: Oct 2004
Location: India
Posts: 26

Rep: Reputation: 15
never_direct deny all vs. always_direct deny all


Can anyone please clarify me the difference between these two with respect to external sites in squid.

never_direct deny all vs. always_direct deny all

Thanks in advance

- Rahul
Old 02-16-2005, 02:42 PM   #2
Senior Member
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
i kinda thought it was self-explanatory... please elaborate...

Tag Name always_direct
Usage always_direct allow|deny [!]aclname ...

Here you can use ACL elements to specify requests, which should ALWAYS be forwarded directly to origin servers. This is mostly used while using cache_peer. See also never_direct . For Further reference on always_direct, please click here.
Default always_direct is by default deny.

For example, to always directly forward requests for local servers use something like:
acl local-servers dstdomain
always_direct allow local-servers

To always forward FTP requests directly, use
acl FTP proto FTP
always_direct allow FTP

Example for denying specific domain
acl local-external dstdomain
acl local-servers dstdomain
always_direct deny local-external
always_direct allow local-servers

There is a similar, but opposite option named ' never_direct'. You need to be aware that "always_direct deny foo" is NOT the same thing as "never_direct allow foo". You may need to use a deny rule to exclude a more-specific case of some other rule.

Tag Name never_direct
Usage never_direct allow|deny [!]aclname ...

never_direct is the opposite of always_direct. Please read the description for always_direct if you have not already.

With 'never_direct' you can use ACL elements to specify requests, which should NEVER be forwarded directly to origin servers

When always_direct and never_direct are deny (By default), Squid selects based on the request type and a number of other factors if a parent should be used or not, and if a parent could not be reached it will always fallback on direct.

If always_direct is allow then Squid will always go direct to the source without considering any peers.

If never_direct is allow then Squid will never attempt to go direct to the source. Instead it tries very hard to find a parent to send the request to. If no parent can be found then an error is returned. For Further reference on never_direct, please click here.
Default never_direct is by default deny.

For example, to force the use of a proxy for all requests, except those in your local domain use something like:

acl local-servers dstdomain
acl all src
never_direct deny local-servers
never_direct allow all

or if squid is inside a firewall and there are local intranet servers inside the firewall then use something like:

acl local-intranet dstdomain
acl local-external dstdomain
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all

It will be better to understand always_direct before enabling this tag

Last edited by secesh; 02-16-2005 at 02:43 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
access and deny mchitrakar Linux - Security 8 04-24-2004 03:53 AM
How do I deny host? Inexactitude Linux - Security 3 02-22-2004 02:00 PM
vsFTPd deny everyone. Why? TheTrueVortek Linux - Software 2 11-17-2003 12:02 PM
hosts.deny help/how-to jon_k Linux - Software 1 07-25-2003 10:17 PM
hosts.deny 98steve600 Linux - General 1 01-10-2001 07:39 PM

All times are GMT -5. The time now is 02:12 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration