Thanks, works like a charm.

On Mon, Apr 18, 2011 at 9:05 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On Mon, 18 Apr 2011 18:56:08 -0400, adam dirkmaat wrote:
>>
>> How can I limit 80 traffic to one vhost and 443 traffic to a second
>> vhost. I want to be able to hit 1.2.3.4:80 & 5.6.7.8:443, and NOT
>> access 1.2.3.4:443 & 5.6.7.8:80?
>>
>>
> <snip>
>>
>> http_port 80 defaultsite=web.somesite.com vhost
>>
>> https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
>> key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
>> vhost
>>
> <snip>
>
> NP: for future-proofing the config add "accel" flag right after the port
> number. It is a no-op in these 2.x, but current releases are requiring it to
> be there.
>
>
> Add:
>   acl HTTP proto HTTP
>   acl HTTPS proto HTTPS
>
>>
>> cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web
>>
>> acl web_site dstdomain web.somesite.com
>>
>> cache_peer_access web allow web_site
>>
>
> Change: cache_peer_access web allow HTTP web_site
>
>>
>>
>> # webmail on port 443 outside, port 80 inside
>>
>> cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
>> front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa
>>
>> acl owa_site dstdomain owa.somesite.com
>>
>> cache_peer_access owa allow owa_site
>>
>
> Change: cache_peer_access owa allow HTTPS owa_site
>
>>
>>
>> http_access allow web_site
>
> Change: http_access allow HTTP web_site
>
>>
>> http_access allow owa_site
>
> Change: http_access allow HTTPS owa_site
>
>>
>> cache_store_log /var/log/squid/store.log
>
> NP: that can die. Change: cache_store_log none
>
>>
>> cache_dir ufs /sqcache/cache 35000 16 256
>>
>
> 35 GB with UFS is *very* slow. Consider AUFS or DiskD
>
> <snip>
>>
>>
>> -----------------------------------------------------------------------------
>>
>> acl all src 0.0.0.0/0.0.0.0
>
> Change: acl all src all
>
>
> Amos
>
>

--
adam dirkmaat
adirkmaat@xxxxxxxxx
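
The effect of the suggested `proto` ACLs on the `http_access` rules, as an added example that is not part of the original thread and is not Squid's own code. It is a simplified Python model of rule evaluation (ACLs on one line are ANDed, the first matching line decides); the trailing `http_access deny all` and the helper names are assumptions, since the posted config is snipped.

```python
# Added illustration, not Squid source: a simplified model of http_access.
# ACL names on one line are ANDed; the first line whose ACLs all match decides.

ACLS = {  # ACL definitions taken from the thread
    "HTTP": ("proto", {"HTTP"}),
    "HTTPS": ("proto", {"HTTPS"}),
    "web_site": ("dstdomain", {"web.somesite.com"}),
    "owa_site": ("dstdomain", {"owa.somesite.com"}),
}

BEFORE = """
http_access allow web_site
http_access allow owa_site
http_access deny all
"""  # last line is an assumption; the posted config is snipped

AFTER = """
http_access allow HTTP web_site
http_access allow HTTPS owa_site
http_access deny all
"""  # last line is an assumption, as above


def acl_matches(name, request):
    """True when the named ACL matches the request ('all' matches anything)."""
    if name == "all":
        return True
    kind, values = ACLS[name]
    return request[kind] in values


def http_access(rules, proto, dstdomain):
    """Return 'allow' or 'deny' for a request under the given rule text."""
    request = {"proto": proto.upper(), "dstdomain": dstdomain.lower()}
    for line in rules.strip().splitlines():
        directive, action, *names = line.split()
        if directive == "http_access" and all(acl_matches(n, request) for n in names):
            return action
    return "deny"  # not reached while the rules end in "deny all"


def decision_table(rules):
    """Decision for every proto/site pair, keyed by (proto, dstdomain)."""
    sites = ("web.somesite.com", "owa.somesite.com")
    return {(p, s): http_access(rules, p, s) for p in ("HTTP", "HTTPS") for s in sites}


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for key, verdict in decision_table(rules).items():
            print(label, *key, verdict)
```

The same AND-per-line reasoning applies to the `cache_peer_access` changes, which decide which origin server a request may be forwarded to.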