Juan Carlos Castro y Castro wrote:
> What bad can happen in this case? Doesn't squid refuse the connection
> request instantly if it comes from an acl-forbidden address?
ACL processing occurs rather late in the processing of requests, after
requests have been decoded and a number of other things which occur
prior to contacting the next hop. Also Squid ACL processing is fairly
complex by nature. Compared to the average code used in a firewall Squid
is huge with theoretically much more opportunities for errors,
especially if you add to the fact that firewall code is usually
througtfully audited, while Squid is not.
--
Henrik Nordstrom
Spare time Squid hacker
