On 31/01/2014 5:35 p.m., Amos Jeffries wrote:
> On 31/01/2014 12:17 p.m., Alex Rousskov wrote:
>> On 01/30/2014 03:35 PM, Amos Jeffries wrote:
>>
>>> P4-b: Shall we skip the arguing and go straight to ACL driven in that
>>> format? I think it may be faster to simply write up a patch for ACLs
>>> with a default "allow all" and simply allow/deny action choice than to
>>> continue discussions around the on/off scoping. We are clearly focusing
>>> on different use-cases and error conditions being more or less
>>> subjectively important. The admin on the ground can probably get that
>>> right far better than we can anyway.
>>
>> Do you want me to add an ipv4_server and ipv6_server hard-coded ACLs?
>> They would work in contexts where the server address is known (any
>> origin server: HTTP, FTP, Gopher, etc.). I fear opening another big can
>> of worms with this! If we do not add those ACLs, how will an admin know
>> that Squid is going to talk to an IPv6 server (my definition)?

Sorry, just realized I can lay our mind to rest on that but did not.

Any time after peer selection the destination server name/FQDN/IP are known. These ACLs for FTP are being run after the server has been connected and traffic already exchanged. So the IP is most certainly known.

Amos