Thanks a ton, this seems to have worked. I'll play more with it. Thanks again. -----Original Message----- From: Dean Weimer [mailto:dweimer@xxxxxxxxxxxx] Sent: Friday, March 26, 2010 2:39 PM To: Nick Duda; squid-users@xxxxxxxxxxxxxxx Subject: RE: Having issue with reverse proxy and SSL I believe so, I believe you can also place them in a separate file one expression per line Example: A file /usr/local/squid/etc/acl_http could be as follows: ^http://some.url.com ^http://some.url2.com ^http://some.url3.com Squid configuration lone would be as follows: acl acl_http url_regex -i "/usr/local/squid/etc/acl_http" Though I think I remember something about external files not working correctly in some cases with url_regex, though I may be completely mistaken or the problem may have been fixed. Best thing to do is test it, if the setup isn't live it's a quick easy test to see if it works. Also I probably should note that the -i is there to ignore case, depending on your setup you may not want to use it. -----Original Message----- From: Nick Duda [mailto:nduda@xxxxxxxxxxxxxx] Sent: Friday, March 26, 2010 1:25 PM To: Dean Weimer; squid-users@xxxxxxxxxxxxxxx Subject: RE: Having issue with reverse proxy and SSL Using regex can I have multiple domains? i.e. acl acl_http url_regex -i ^http://some.url.com ^http://some.url2.com ^http://some.url3.com - Nick -----Original Message----- From: Dean Weimer [mailto:dweimer@xxxxxxxxxxxx] Sent: Friday, March 26, 2010 2:17 PM To: Nick Duda; squid-users@xxxxxxxxxxxxxxx Subject: RE: Having issue with reverse proxy and SSL Nick, Both http://some.url.com/ and https://some.url.com/ satisfy your acl acl_http dstdomain some.url.com as the destination domain is the same in both cases. Not sure if this is the best way to handle it but if you changed your acls to use url_regex instead and used the following it should work. acl acl_http url_regex -i ^http://some.url.com acl acl_ssl url_regex -i ^https://some.url.com Dean -----Original Message----- From: Nick Duda [mailto:nduda@xxxxxxxxxxxxxx] Sent: Friday, March 26, 2010 12:21 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Having issue with reverse proxy and SSL Hi all, I've got a reverse proxy setup but something is wrong with my config. I want a request for a certain HTTP request to go to one cache_peer and the exactly same request but for HTTPS to go to another cache_peer. Right now its always hitting the same cache_peer. Squid Cache: Version 2.6.STABLE18 configure options: '--enable-snmp' '--enable-storeio=aufs' '--enable-ssl' http_port 80 accel vhost https_port 443 accel vhost cert=/path/to/cert.pem key=/path/to/server.key cache_peer secure.someurl.com parent 443 0 no-query originserver ssl name=ssl sslflags=DONT_VERIFY_PEER cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http acl acl_http dstdomain some.url.com acl acl_ssl dstdomain some.url.com cache_peer_access http allow acl_http cache_peer_access ssl allow acl_ssl http_access allow acl_http http_access allow acl_ssl Wouldn't that config send the request to the correcet cache_peer depending on if it came in SSL or HTTP? It's the same URL, but either HTTP or HTTPS always sends it to the cache_peer with the "name=http" Thoughts? Nick
