On Mon, 18 Apr 2011 18:56:08 -0400, adam dirkmaat wrote:
How can I limit 80 traffic to one vhost and 443 traffic to a second
vhost. I want to be able to hit 1.2.3.4:80 & 5.6.7.8:443, and NOT
access 1.2.3.4:443 & 5.6.7.8:80?
<snip>
http_port 80 defaultsite=web.somesite.com vhost
https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
vhost
<snip>
NP: for future-proofing the config add "accel" flag right after the
port number. It is a no-op in these 2.x, but current releases are
requiring it to be there.
Add:
acl HTTP proto HTTP
acl HTTPS proto HTTPS
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web
acl web_site dstdomain web.somesite.com
cache_peer_access web allow web_site
Change: cache_peer_access web allow HTTP web_site
# webmail on port 443 outside, port 80 inside
cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa
acl owa_site dstdomain owa.somesite.com
cache_peer_access owa allow owa_site
Change: cache_peer_access owa allow HTTPS owa_site
http_access allow web_site
Change: http_access allow HTTP web_site
http_access allow owa_site
Change: http_access allow HTTPS owa_site
cache_store_log /var/log/squid/store.log
NP: that can die. Change: cache_store_log none
cache_dir ufs /sqcache/cache 35000 16 256
35 GB with UFS is *very* slow. Consider AUFS or DiskD
<snip>
-----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
Change: acl all src all
Amos
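
Added example (not part of the original thread, and not Squid code): a simplified Python model of the first-match access lists, comparing the posted rules with the "Change:" lines from the reply. It assumes the request protocol follows the listening port (HTTP on 80, HTTPS on 443) and that a request matching no rule is denied; the function and dictionary names are hypothetical.

```python
# Simplified model of Squid-style first-match access lists (illustration only).
# A rule is (action, [acl names]); every ACL named on a line must match (AND).

ACLS = {
    "HTTP": lambda r: r["proto"] == "HTTP",                  # acl HTTP proto HTTP
    "HTTPS": lambda r: r["proto"] == "HTTPS",                # acl HTTPS proto HTTPS
    "web_site": lambda r: r["host"] == "web.somesite.com",   # dstdomain
    "owa_site": lambda r: r["host"] == "owa.somesite.com",   # dstdomain
}

# Rules as originally posted: only the domain is checked.
BEFORE = {
    "http_access": [("allow", ["web_site"]), ("allow", ["owa_site"])],
    "cache_peer_access": {"web": [("allow", ["web_site"])],
                          "owa": [("allow", ["owa_site"])]},
}
# Rules after the "Change:" lines: protocol AND domain must both match.
AFTER = {
    "http_access": [("allow", ["HTTP", "web_site"]),
                    ("allow", ["HTTPS", "owa_site"])],
    "cache_peer_access": {"web": [("allow", ["HTTP", "web_site"])],
                          "owa": [("allow", ["HTTPS", "owa_site"])]},
}

def first_match(rules, req):
    """Return the action of the first rule whose ACLs all match, else None."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    return None

def route(config, proto, host):
    """Return the cache_peer name that would serve the request, or 'DENIED'."""
    req = {"proto": proto, "host": host}
    if first_match(config["http_access"], req) != "allow":
        return "DENIED"  # assumption: no matching rule means deny
    for peer, rules in config["cache_peer_access"].items():
        if first_match(rules, req) == "allow":
            return peer
    return "DENIED"

def matrix(config):
    """Evaluate all four protocol/site combinations from the question."""
    return {(p, h): route(config, p, h)
            for p in ("HTTP", "HTTPS")
            for h in ("web.somesite.com", "owa.somesite.com")}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for (proto, host), result in matrix(cfg).items():
            print(f"{label:6} {proto:5} {host:18} -> {result}")
```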