On Sun, 23 Oct 2005, Henrik Nordstrom wrote: > > > On Sat, 22 Oct 2005, Merton Campbell Crockett wrote: > > > The problem that I am having is that HTTP requests that use an IP address > > are being forwarded to the parent cache. Can you not combine "dstdomain" > > and "dst" in the same acl? > > You can use IP addresses in a dstdomain acl if you like. This will match > requests using these explicit IP addresses only. That works. I was hoping for something like tcpwrapper's host.allow IP address wildcards, i.e. "166.16.". > Or you could use dst acls in addition to the dstdomain acls. The problem was how to merge "dst" and "dstdomain" expressions into a single named but, in retrospect, it was probably a simple matter of listing the named ACLs on a single line to "OR" them together. Squid doesn't like two different types of expressions in the same named ACL. After a weekend of playing, I could find no possible way for my internal, load-balanced proxy servers to share cached information without forwarding all requests to the parent proxy at the security perimeter. I would need a fourth proxy, defined as a parent, dedicated to the corporate WAN. Bummer! Merton Campbell Crockett -- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence and Exploitation Systems N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@xxxxxxxxxxxxxxx TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=work,fax: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcard
