LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 02-16-2005, 02:00 PM   #1
simplyrahul
LQ Newbie
 
Registered: Oct 2004
Location: India
Posts: 26

Rep: Reputation: 15
never_direct deny all vs. always_direct deny all


Hi,

Can anyone please clarify me the difference between these two with respect to external sites in squid.

never_direct deny all vs. always_direct deny all

Thanks in advance

- Rahul
 
Old 02-16-2005, 02:42 PM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
i kinda thought it was self-explanatory... please elaborate...

Quote:
Tag Name always_direct
Usage always_direct allow|deny [!]aclname ...

Description
Here you can use ACL elements to specify requests, which should ALWAYS be forwarded directly to origin servers. This is mostly used while using cache_peer. See also never_direct . For Further reference on always_direct, please click here.
Default always_direct is by default deny.

Example
For example, to always directly forward requests for local servers use something like:
acl local-servers dstdomain .my.domain.net
always_direct allow local-servers

To always forward FTP requests directly, use
acl FTP proto FTP
always_direct allow FTP

Example for denying specific domain
acl local-external dstdomain .external.foo.net
acl local-servers dstdomain .foo.net
always_direct deny local-external
always_direct allow local-servers

Caution
There is a similar, but opposite option named ' never_direct'. You need to be aware that "always_direct deny foo" is NOT the same thing as "never_direct allow foo". You may need to use a deny rule to exclude a more-specific case of some other rule.


Tag Name never_direct
Usage never_direct allow|deny [!]aclname ...

Description
never_direct is the opposite of always_direct. Please read the description for always_direct if you have not already.

With 'never_direct' you can use ACL elements to specify requests, which should NEVER be forwarded directly to origin servers

When always_direct and never_direct are deny (By default), Squid selects based on the request type and a number of other factors if a parent should be used or not, and if a parent could not be reached it will always fallback on direct.

If always_direct is allow then Squid will always go direct to the source without considering any peers.

If never_direct is allow then Squid will never attempt to go direct to the source. Instead it tries very hard to find a parent to send the request to. If no parent can be found then an error is returned. For Further reference on never_direct, please click here.
Default never_direct is by default deny.

Example
For example, to force the use of a proxy for all requests, except those in your local domain use something like:

acl local-servers dstdomain foo.net
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all

or if squid is inside a firewall and there are local intranet servers inside the firewall then use something like:

acl local-intranet dstdomain .foo.net
acl local-external dstdomain .external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all

Caution
It will be better to understand always_direct before enabling this tag

Last edited by secesh; 02-16-2005 at 02:43 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
access and deny mchitrakar Linux - Security 8 04-24-2004 03:53 AM
How do I deny host? Inexactitude Linux - Security 3 02-22-2004 02:00 PM
vsFTPd deny everyone. Why? TheTrueVortek Linux - Software 2 11-17-2003 12:02 PM
hosts.deny help/how-to jon_k Linux - Software 1 07-25-2003 10:17 PM
hosts.deny 98steve600 Linux - General 1 01-10-2001 07:39 PM


All times are GMT -5. The time now is 05:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration