On tor, 2007-10-04 at 07:46 +0800, Adrian Chadd wrote:
> On Thu, Oct 04, 2007, Henrik Nordstrom wrote:
> > On tor, 2007-10-04 at 12:16 +1300, Amos Jeffries wrote:
> >
> > > oh, that configuration is turning those machines into open proxies for
> > > anyone who wants to point their domain at 'em.
> >
> > No it won't, accelerator mode means an implicit "never_direct allow all"
> > just to prevent this from happening, which means requests can only get
> > forwaded if there is cache_peer where the request may be forwarded.
>
> Phew. I did just re-check it and Henrik's right.
But Amos is right that the public template should have access controls
to make this dead clear, or at least "never_direct allow all". It's hard
to know what the admin does to the config and this implicit
"never_direct" is pretty well hidden..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Tue Oct 30 2007 - 13:00:03 MDT