Thanks for clarifying that up Henrik! I have another problem regarding this though. This is what I have in squid.conf: acl CP_HTTP proto HTTP acl CP_HTTPS proto HTTPS # Site1 acl CP_Site1 dstdomain site1.domain.com http_port 172.30.5.5:80 accel vhost https_port 172.30.5.5:443 accel vhost cert=/etc/ssl/squidCerts/site1.crt key=/etc/ssl/squidCerts/site1.key cache_peer 10.1.5.5 parent 80 0 no-query login=PASS originserver connection-auth=on name=site1 cache_peer_access site1 deny !CP_Site1 !CP_HTTP cache_peer 10.1.5.5 parent 443 0 no-query ssl sslflags=DONT_VERIFY_PEER front-end-https login=PASS originserver name=site1_ssl cache_peer_access site1_ssl deny !CP_Site1 !CP_HTTPS # site2 acl CP_Site2 dstdomain site2.domain.com http_port 172.30.5.61:80 accel vhost https_port 172.30.5.6:443 accel vhost cert=/etc/ssl/squidCerts/site2.crt key=/etc/ssl/squidCerts/site2.key cache_peer 10.1.5.6 parent 80 0 no-query login=PASS originserver connection-auth=on name=site2 cache_peer_access site2deny !CP_Site2 !CP_HTTP cache_peer 10.1.5.6 parent 443 0 no-query ssl sslflags=DONT_VERIFY_PEER front-end-https login=PASS originserver name=site2_ssl cache_peer_access site2_ssl deny !CP_Site2 !CP_HTTPS My problem is in that when I try to hit site2.domain.com, it always goes to the page for site1.domain.com. I know theres something up with the cache_peer_access rules, but I cant figure it out. I RTFM and searched and cant find the answer. Conversely, if I clear the cache and then put site2 config before site1 in squid.conf and try to hit site1, Ill get the page for site2. I also tried using something like this: cache_peer_access site1 allow CP_Site1 CP_HTTP cahce_peer_access site1 deny all But squid reports a bungled line msg on the deny all line. Any ideas? -Rob On 2/14/07, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
ons 2007-02-14 klockan 11:27 -0600 skrev Rob Squid: > I have some hosts that I am accelerating > http and https traffic on the same host. Do I need to have a > cache_peer line for both http and https? You need a cache_peer per backend server:port you want Squid to forward request to. > How can I differeniate the two? By assigning names to the cache_peer lines (name= option), and using cache_peer_access to select what gets forwarded where. > acl CP_Port port 80 > acl CP_Port_SSL port 443 I would use protocol instead, but that's me.. > http_port 172.30.5.5:80 accel vhost > https_port 172.30.5.5:443 accel vhost cert=/etc/ssl/squidCerts/cert.crt key=/etc/ssl/squidCerts/key.key > acl CP_Site dstdomain site.domain.com > cache_peer 192.168.5.5 parent 80 0 no-query login=PASS originserver connection-auth=on name=site > cache_peer_access site allow CP_Site CP_Port > cache_peer 192.168.5.5 parent 443 0 no-query ssl sslflags=DONT_VERIFY_PEER front-end-https name=site_ssl > cache_peer_access site_ssl allow CP_Site CP_Port_SSL Looks reasonable to me. Regards Henrik