Time for action – denying miss_access to neighbors
To force other proxy servers to use our proxy server as a sibling proxy server, we have an access rule miss_access
. Let's say we have two neighbor proxy servers, namely, 192.0.2.25 and 198.51.100.25, in our network. Now, we don't mind if 192.0.2.25 uses our proxy server as a parent proxy server, but we don't want to allow 198.51.100.25 to fetch MISS(s) via our proxy server. So, we can have the following configuration:
acl good_neighbour src 192.0.2.25 acl bad_neighbour src 198.51.100.25 miss_access allow good_neighbour # This line is not needed. Why? miss_access deny bad_neighbour miss_access allow all
The default behavior is to allow all proxy servers to fetch MISS(s) via our proxy server. In the previous configuration line, the first allow rule is not needed because we have the allow all rule at the end. The allow rule was just used to draw your attention towards the nature of miss_access directive.
What just happened?
We just learned the...
