Nick Duda wrote:
Thanks a ton, this seems to have worked. I'll play more with it. Thanks again.
Nick, Dean; meet "proto" ACL. :)
acl HTTP proto HTTP
acl HTTPS proto HTTPS
It's faster than the regex.
There is also the myport type which works reliably in regular receiving
ports. With myportname for more reliability on intercept and reverse
proxy ports.
Amos
-----Original Message-----
From: Dean Weimer [mailto:dweimer@xxxxxxxxxxxx]
Sent: Friday, March 26, 2010 2:39 PM
To: Nick Duda; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Having issue with reverse proxy and SSL
I believe so, I believe you can also place them in a separate file one
expression per line
Example:
A file /usr/local/squid/etc/acl_http could be as follows:
^http://some.url.com
^http://some.url2.com
^http://some.url3.com
Squid configuration lone would be as follows:
acl acl_http url_regex -i "/usr/local/squid/etc/acl_http"
Though I think I remember something about external files not working
correctly in some cases with url_regex, though I may be completely
mistaken or the problem may have been fixed. Best thing to do is test
it, if the setup isn't live it's a quick easy test to see if it works.
Also I probably should note that the -i is there to ignore case,
depending on your setup you may not want to use it.
-----Original Message-----
From: Nick Duda [mailto:nduda@xxxxxxxxxxxxxx]
Sent: Friday, March 26, 2010 1:25 PM
To: Dean Weimer; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Having issue with reverse proxy and SSL
Using regex can I have multiple domains?
i.e.
acl acl_http url_regex -i ^http://some.url.com ^http://some.url2.com
^http://some.url3.com
- Nick
-----Original Message-----
From: Dean Weimer [mailto:dweimer@xxxxxxxxxxxx]
Sent: Friday, March 26, 2010 2:17 PM
To: Nick Duda; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Having issue with reverse proxy and SSL
Nick,
Both http://some.url.com/ and https://some.url.com/ satisfy your
acl acl_http dstdomain some.url.com as the destination domain is the
same in both cases. Not sure if this is the best way to handle it but
if you changed your acls to use url_regex instead and used the following
it should work.
acl acl_http url_regex -i ^http://some.url.com
acl acl_ssl url_regex -i ^https://some.url.com
Dean
-----Original Message-----
From: Nick Duda [mailto:nduda@xxxxxxxxxxxxxx]
Sent: Friday, March 26, 2010 12:21 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Having issue with reverse proxy and SSL
Hi all,
I've got a reverse proxy setup but something is wrong with my config. I
want a request for a certain HTTP request to go to one cache_peer and
the exactly same request but for HTTPS to go to another cache_peer.
Right now its always hitting the same cache_peer.
Squid Cache: Version 2.6.STABLE18
configure options: '--enable-snmp' '--enable-storeio=aufs'
'--enable-ssl'
http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert.pem
key=/path/to/server.key
cache_peer secure.someurl.com parent 443 0 no-query originserver ssl
name=ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http
acl acl_http dstdomain some.url.com
acl acl_ssl dstdomain some.url.com
cache_peer_access http allow acl_http
cache_peer_access ssl allow acl_ssl
http_access allow acl_http
http_access allow acl_ssl
Wouldn't that config send the request to the correcet cache_peer
depending on if it came in SSL or HTTP? It's the same URL, but either
HTTP or HTTPS always sends it to the cache_peer with the "name=http"
Thoughts?
Nick
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
