Ubuntu
squid-deb-proxy package

Merge lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains into lp:ubuntu/natty/squid-deb-proxy

  1. Natty (11.04)
  2. allow-but-not-cache-unspecified-domains
  3. Merge into natty
Proposed by Colin Dean on 2010-11-05
Status: Merged
Merge reported by: Michael Vogt
Merged at revision: not available
Proposed branch: lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains
Merge into: lp:ubuntu/natty/squid-deb-proxy
Diff against target: 26 lines (+12/-2)
1 file modified
squid-deb-proxy.conf (+12/-2)
To merge this branch: bzr merge lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains
Reviewer Review Type Date Requested Status
Michael Vogt 2010-11-08 Pending
Ubuntu branches 2010-11-05 Pending
Review via email: mp+40204@code.launchpad.net

Description of the change

This adds commented lines which can be uncommented to allow access to domains not specified in the mirrors file, but with the caveat that such accesses are not cached. This essentially moves the recommendation from the bug report into the configuration file, wherein the administrator can make the decision.

It would be nicer if there was some kind of option for it ("Allow unspecified domains?") but I don't think the squid.conf options permit that kind of logic.

To post a comment you must log in.
Evan Broder (broder) wrote :

Is it harmful to have "cache deny !to_ubuntu_mirrors" turned on by default? If that was OK, you could do something like

 cache deny !to_ubuntu_mirrors

 # Comment the next line and uncomment the one after it to allow but not
 # cache domains not listed in the mirrors file
 http_access deny !to_ubuntu_mirrors
 #http_access allow !to_ubuntu_mirrors

which would simplify the changes an admin would have to make.

Colin Dean (colindean) wrote :

I'm cool with that. Shall I make the change and repropose?

Evan Broder (broder) wrote :

That would be great, thanks.

lp:~colindean/ubuntu/natty/squid-deb-proxy/allow-but-not-cache-unspecified-domains updated on 2010-11-09
6. By Colin Dean on 2010-11-09

effecting changes suggested by Evan Broder

Michael Vogt (mvo) wrote :

Thanks, merged and will be part of the next upload.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'squid-deb-proxy.conf'
2--- squid-deb-proxy.conf 2010-01-26 09:19:50 +0000
3+++ squid-deb-proxy.conf 2010-11-09 16:04:49 +0000
4@@ -63,10 +63,20 @@
5 acl Safe_ports port 80
6 acl Safe_ports port 443 563
7
8-# only allow port we trust
9+# only allow ports we trust
10 http_access deny !Safe_ports
11-# and only to ubuntu
12+
13+# allow access only to official ubuntu mirrors
14+# uncomment the second line to permit unlisted domains
15 http_access deny !to_ubuntu_mirrors
16+#http_access allow !to_ubuntu_mirrors
17+
18+# don't cache domains not listed in the mirrors file
19+# uncomment the second line to cache unlisted domains
20+cache deny !to_ubuntu_mirrors
21+#cache allow !to_ubuntu_mirrors
22+
23+
24
25 # allow access from our network and localhost
26 http_access allow allowed_networks

Subscribers

People subscribed via source and target branches

to all changes: