Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
02-16-2005, 02:00 PM
|
#1
|
|
LQ Newbie
Registered: Oct 2004
Location: India
Posts: 26
Rep: 
|
never_direct deny all vs. always_direct deny all
Hi,
Can anyone please clarify me the difference between these two with respect to external sites in squid.
never_direct deny all vs. always_direct deny all
Thanks in advance
- Rahul
|
|
|
|
|
02-16-2005, 02:42 PM
|
#2
|
|
Senior Member
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154
Rep:
|
i kinda thought it was self-explanatory... please elaborate...
Quote:
Tag Name always_direct
Usage always_direct allow|deny [!]aclname ...
Description
Here you can use ACL elements to specify requests, which should ALWAYS be forwarded directly to origin servers. This is mostly used while using cache_peer. See also never_direct . For Further reference on always_direct, please click here.
Default always_direct is by default deny.
Example
For example, to always directly forward requests for local servers use something like:
acl local-servers dstdomain .my.domain.net
always_direct allow local-servers
To always forward FTP requests directly, use
acl FTP proto FTP
always_direct allow FTP
Example for denying specific domain
acl local-external dstdomain .external.foo.net
acl local-servers dstdomain .foo.net
always_direct deny local-external
always_direct allow local-servers
Caution
There is a similar, but opposite option named ' never_direct'. You need to be aware that "always_direct deny foo" is NOT the same thing as "never_direct allow foo". You may need to use a deny rule to exclude a more-specific case of some other rule.
Tag Name never_direct
Usage never_direct allow|deny [!]aclname ...
Description
never_direct is the opposite of always_direct. Please read the description for always_direct if you have not already.
With 'never_direct' you can use ACL elements to specify requests, which should NEVER be forwarded directly to origin servers
When always_direct and never_direct are deny (By default), Squid selects based on the request type and a number of other factors if a parent should be used or not, and if a parent could not be reached it will always fallback on direct.
If always_direct is allow then Squid will always go direct to the source without considering any peers.
If never_direct is allow then Squid will never attempt to go direct to the source. Instead it tries very hard to find a parent to send the request to. If no parent can be found then an error is returned. For Further reference on never_direct, please click here.
Default never_direct is by default deny.
Example
For example, to force the use of a proxy for all requests, except those in your local domain use something like:
acl local-servers dstdomain foo.net
acl all src 0.0.0.0/0.0.0.0
never_direct deny local-servers
never_direct allow all
or if squid is inside a firewall and there are local intranet servers inside the firewall then use something like:
acl local-intranet dstdomain .foo.net
acl local-external dstdomain .external.foo.net
always_direct deny local-external
always_direct allow local-intranet
never_direct allow all
Caution
It will be better to understand always_direct before enabling this tag
|
Last edited by secesh; 02-16-2005 at 02:43 PM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 07:50 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
