Search squid archive

Re: ACLs to direct request to proper parent?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> I've recently installed a Squid 2.6STABLE16 system in a country that
> requires all web browsing to go through a government-specified proxy
> server.  The Government runs a non-transparent proxy setup that must be
> explicitly listed in the Squid configuration.
>
> That would normally be easy, as all I'd do is list the Governement proxy
> as a parent.  However, I have three types of traffic I'd like to direct
> to different places:
>
> 	1.  Traffic that should be virus-scanned before delivering to
> the client.
> 	2.  Traffic that should not be virus-scanned such as web
> conferencing.
> 	3.  Traffic that is internal and should not be virus scanned or
> given to the Government proxy.
>
> Here's what I have so far:
>
>   cache_peer 127.0.0.1 parent 8080 7 name=vscan no-query no-digest
> default
>   cache_peer govproxy  parent 3128 7 no-query no-digest
>
>   cache_peer_domain vscan  !.pressaccess.com !.presentonline.com
>   cache_peer_domain vscan  !.interactconferencing.com !.raindance.com
>   cache_peer_domain vscan  !.mshow.com !.placeware.com
>   cache_peer_domain vscan  !.ilearning.com !.kindercam.com
> !.fidelity.com
>   cache_peer_domain vscan  !.lexisnexis.com !data.finlistics-vm.com
>   cache_peer_domain vscan  !library.midicorp.com
>   cache_peer_domain vscan  !.finance.yahoo.com !.tenrox.com
> !.riskadvisory.com
>
>   acl internal-dst dst 10.0.0.0/255.0.0.0
>   acl internal-dst dst 172.16.0.0/255.240.0.0
>   acl internal-dst dst 192.168.0.0/255.255.0.0
>   always_direct allow internal-dst
>
> I'd like to bypass the virus scanner for more things than just domain
> lists.  I'd like to be able to use an ACL like:
>   acl novirus-url urlpath_regex -i \.gif(\?.*)?$ \.jpg(\?.*)?$
> \.png(\?.*)?$
>   acl novirus-url urlpath_regex -i \.mpe?g(\?.*)?$ \.avi(\?.*)?$
> \.swf(\?.*)?$
>   acl novirus-url urlpath_regex -i \.qt(\?.*)?$ \.mov(\?.*)?$
> \.as[fx](\?.*)?$
>   acl novirus-url urlpath_regex -i \.rm(\?.*)?$ \.wm[av](\?.*)?$
> \.mp3(\?.*)?$
>   acl novirus-url urlpath_regex -i \.m4[avp](\?.*)?$ \.mp4v?(\?.*)?$
>   acl novirus-url urlpath_regex -i \.wav(\?.*)?$
> And then use that ACL to bypass the virus scanner and go directly to the
> Government proxy.  I didn't see anything in Squid 2.6STABLE16 that would
> do what I need.  Am I missing something?

Yes. cache_peer_access

Amos
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux