
How to limit requests to port 80 for specific vhost


 



How can I limit port 80 traffic to one vhost and port 443 traffic to a second
vhost?  I want to be able to reach 1.2.3.4:80 and 5.6.7.8:443, but NOT
1.2.3.4:443 or 5.6.7.8:80.



[root@calamari squid]# squid -v

Squid Cache: Version 2.6.STABLE21



[root@calamari squid]# cat /etc/squid/squid.conf



# SQUID 2.6.STABLE6



# NETWORK OPTIONS

# -----------------------------------------------------------------------------

# Reverse-proxy (accelerator) listener for plain HTTP. "vhost" makes Squid take
# the site name from the client's Host header; "defaultsite" is only the
# fallback when no Host header is sent. Nothing on this line restricts which
# site may be requested on port 80 -- that has to be enforced with http_access.
http_port 80 defaultsite=web.somesite.com vhost

# TLS listener for the second site; the same "vhost" behaviour applies, so a
# client may name either site in the Host header on port 443 as well.
# NOTE(review): the directive below is shown wrapped over three lines,
# presumably by the mail client; squid.conf needs it on a single line.
# NOTE(review): defaultsite here is mail.somesite.com, but the owa_site ACL
# further down matches owa.somesite.com -- confirm which name is intended.
# key= points at the TLS private key; keep that file readable only by the
# account that starts Squid.
https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
vhost

# Port 0 turns the ICP listener off.
icp_port 0



# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS

# -----------------------------------------------------------------------------

# Static name-to-address entries are read from the system hosts file.
hosts_file /etc/hosts

# Resolvers listed here are used instead of those in /etc/resolv.conf.
dns_nameservers 1.1.1.1 1.1.1.2

# Leave the client's Host header untouched when a URL rewriter changes the URL.
# No url_rewrite_program is configured in this file, so this has no visible
# effect here.
url_rewrite_host_header off



# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM

# -----------------------------------------------------------------------------

# Backend for the plain-HTTP site: origin server at 1.2.3.4, HTTP port 80,
# ICP port 0 with no-query (no ICP probes). "name=web" is the handle used by
# cache_peer_access below.
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web

acl web_site dstdomain web.somesite.com

# Only requests for web.somesite.com are forwarded to peer "web".
cache_peer_access web allow web_site



# NOTE(review): the comment below says port 80 inside, but the cache_peer
# line that follows connects to the backend on 443 with "ssl" -- one of the
# two looks stale.
# webmail on port 443 outside, port 80 inside

# Backend for the webmail site, reached over TLS (directive shown wrapped
# over two lines, presumably by the mail client).
#   login=PASS             forwards the client's own credentials to the peer.
#   front-end-https=on     adds the "Front-End-Https: On" header for OWA.
#   sslflags=DONT_VERIFY_PEER  disables validation of the backend certificate.
# With verification off the proxy-to-backend hop is encrypted but not
# authenticated, so Squid cannot tell the real 5.6.7.8 from a host that
# impersonates it on that path -- and login=PASS means user credentials travel
# over that hop. Prefer pointing Squid at the issuing CA (cache_peer
# sslcafile=/sslcapath=, with ssldomain= if the certificate name differs from
# the address) and dropping DONT_VERIFY_PEER.
cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa

acl owa_site dstdomain owa.somesite.com

# Only requests for owa.somesite.com are forwarded to peer "owa".
cache_peer_access owa allow owa_site



# http_access rules are evaluated in file order and the first match wins.
# These two are the first http_access lines in the file, so a request for
# either hostname is allowed before the manager / Safe_ports / CONNECT denies
# in the ACCESS CONTROLS section are ever evaluated.
# They also test only the requested domain, not the listening port, which is
# why both sites answer on both 80 and 443. A port-bound version would look
# like this (sketch, not tested against this install):
#   acl port_http  myport 80
#   acl port_https myport 443
#   http_access allow web_site port_http
#   http_access allow owa_site port_https
# placed after the stock deny rules and before "http_access deny all".
http_access allow web_site

http_access allow owa_site



# Global default for outgoing TLS connections made by Squid: certificate
# verification is switched off here as well. Same caveat as sslflags above.
sslproxy_flags DONT_VERIFY_PEER

# Stock rules: URLs containing "cgi-bin" or "?" are fetched directly and are
# never cached.
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

# Stock workaround applied to replies whose Server header starts with "Apache".
acl apache rep_header Server ^Apache

broken_vary_encoding allow apache



# OPTIONS WHICH AFFECT THE CACHE SIZE

# -----------------------------------------------------------------------------

# Memory set aside for in-transit and hot objects.
cache_mem 683 MB



# LOGFILE PATHNAMES AND CACHE DIRECTORIES

# -----------------------------------------------------------------------------

# access.log (native "squid" format) is the per-request record to consult when
# checking which site was requested on which listener.
access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

# On-disk cache: ufs store, 35000 MB, 16 first-level and 256 second-level
# directories.
cache_dir ufs /sqcache/cache 35000 16 256



# OPTIONS FOR TUNING THE CACHE

# -----------------------------------------------------------------------------

# Catch-all freshness rule: min 0 minutes, 20% of object age, max 4320 minutes.
refresh_pattern .               0       20%     4320



# ACCESS CONTROLS

# -----------------------------------------------------------------------------

# ACL definitions only; nothing is allowed or denied until an http_access
# line references them.
acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443

# NOTE(review): this is the stock forward-proxy port list. The listeners in
# this file only serve 80 and 443 as a reverse proxy, so the list could
# probably be reduced to those two -- confirm nothing else relies on it.
acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# Stock protective rules: cache manager only from localhost, no requests to
# ports outside Safe_ports, CONNECT only to SSL_ports.
# http_access is first-match, and this file already has
# "http_access allow web_site" / "http_access allow owa_site" earlier, so
# these denies are reached only by requests that matched neither of those.
# Keeping the denies ahead of any site allow restores their effect.
http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports



# ADMINISTRATIVE PARAMETERS

# -----------------------------------------------------------------------------

# Contact address for the cache administrator (redacted by the list archive).
cache_mgr monkey@xxxxxxxxxxxxx

# Account and group Squid switches to when it is started as root, so the
# worker does not keep root privileges after startup.
cache_effective_user squid

cache_effective_group squid



# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src 192.168.1.0/24 192.168.2.0/24

#http_access allow our_networks



# Final rules: local requests are allowed, everything not matched by an
# earlier http_access line is refused. Port-specific site allows belong above
# this point, since nothing after "deny all" is ever evaluated.
http_access allow localhost

http_access deny all

# No filtering is applied to replies.
http_reply_access allow all

# NOTE(review): with "icp_port 0" the ICP listener is off, so this line has no
# effect today; it would accept ICP queries from any source if a port were
# enabled later. "icp_access deny all" is the safer setting for a setup with
# no ICP neighbours.
icp_access allow all



# ADMINISTRATIVE PARAMETERS

# -----------------------------------------------------------------------------

# Hostname Squid reports about itself, e.g. in generated error pages.
# NOTE(review): clients of the public sites can therefore see this name --
# confirm that exposing the proxy's own hostname is acceptable.
visible_hostname calamari.some.site.com



# HTTPD-ACCELERATOR OPTIONS

# -----------------------------------------------------------------------------



#  TAG: httpd_accel_no_pmtu_disc        on|off

#       In many setups of transparently intercepting proxies Path-MTU

#       discovery can not work on traffic towards the clients. This is

#       the case when the intercepting device does not fully track

#       connections and fails to forward ICMP must fragment messages

#       to the cache server.

#

#       If you have such setup and experience that certain clients

#       sporadically hang or never complete requests set this to on.

#

#Default:

# httpd_accel_no_pmtu_disc off



# MISCELLANEOUS

# -----------------------------------------------------------------------------

# ICP queries are not written to access.log (ICP is disabled by icp_port 0
# in this file anyway).
log_icp_queries off



--
adam dirkmaat
adirkmaat@xxxxxxxxx


