Merge lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains into lp:ubuntu/natty/squid-deb-proxy

Proposed by Colin Dean
Status: Merged
Merge reported by: Michael Vogt
Merged at revision: not available
Proposed branch: lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains
Merge into: lp:ubuntu/natty/squid-deb-proxy
Diff against target: 26 lines (+12/-2)
1 file modified
squid-deb-proxy.conf (+12/-2)
To merge this branch: bzr merge lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains
Reviewer Review Type Date Requested Status
Michael Vogt Pending
Ubuntu branches Pending
Review via email: mp+40204@code.launchpad.net

Description of the change

This adds commented lines which can be uncommented to allow access to domains not specified in the mirrors file, but with the caveat that such accesses are not cached. This essentially moves the recommendation from the bug report into the configuration file, wherein the administrator can make the decision.

It would be nicer if there was some kind of option for it ("Allow unspecified domains?") but I don't think the squid.conf options permit that kind of logic.

To post a comment you must log in.
Revision history for this message
Evan Broder (broder) wrote :

Is it harmful to have "cache deny !to_ubuntu_mirrors" turned on by default? If that was OK, you could do something like

 cache deny !to_ubuntu_mirrors

 # Comment the next line and uncomment the one after it to allow but not
 # cache domains not listed in the mirrors file
 http_access deny !to_ubuntu_mirrors
 #http_access allow !to_ubuntu_mirrors

which would simplify the changes an admin would have to make.

Revision history for this message
Colin Dean (colindean) wrote :

I'm cool with that. Shall I make the change and repropose?

Revision history for this message
Evan Broder (broder) wrote :

That would be great, thanks.

6. By Colin Dean

effecting changes suggested by Evan Broder

Revision history for this message
Michael Vogt (mvo) wrote :

Thanks, merged and will be part of the next upload.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'squid-deb-proxy.conf'
--- squid-deb-proxy.conf 2010-01-26 09:19:50 +0000
+++ squid-deb-proxy.conf 2010-11-09 16:04:49 +0000
@@ -63,10 +63,20 @@
63acl Safe_ports port 8063acl Safe_ports port 80
64acl Safe_ports port 443 563 64acl Safe_ports port 443 563
6565
66# only allow port we trust66# only allow ports we trust
67http_access deny !Safe_ports67http_access deny !Safe_ports
68# and only to ubuntu68
69# allow access only to official ubuntu mirrors
70# uncomment the second line to permit unlisted domains
69http_access deny !to_ubuntu_mirrors71http_access deny !to_ubuntu_mirrors
72#http_access allow !to_ubuntu_mirrors
73
74# don't cache domains not listed in the mirrors file
75# uncomment the second line to cache unlisted domains
76cache deny !to_ubuntu_mirrors
77#cache allow !to_ubuntu_mirrors
78
79
7080
71# allow access from our network and localhost81# allow access from our network and localhost
72http_access allow allowed_networks82http_access allow allowed_networks

Subscribers

People subscribed via source and target branches

to all changes: