Hey,

In case you can share your squid.conf (cleaned), I can try to pick up a clue about what is going on..
It is not clear to me what this proxy server is for.
It looks to me more like a forward proxy that has one and all the clients can get by their IP address to specific domains.
From squid's point of view it's a forward proxy..
If it sits facing the internet only, then it's very simple..
You can use the myport ACL to differentiate between one kind of traffic and another.
There is a *bug* in squid that when using a .domain.com you will have troubles.
What squid version are you using?
If you can add some IP level description I might have more of a clue about the bigger picture.
Does this server require auth?
If squid picks the first rule, you need to sort the ACLs in a way that squid will try to match the .domain.com last..
You can try something like this pseudo:

cache_peer_access allow PROXY1 domain_acl
cache_peer_access deny PROXY1 wild_car_domain_acl
cache_peer_access allow PROXY2 domain_acl1
cache_peer_access deny PROXY2 wild_car_domain_acl
cache_peer_access allow PROXY3 wild_car_domain_acl
#end (sorry it's not fully squid compatible)

All the above should be OK for the access that is allowed to clients..
The http_access should also be sorted the same way.. like..

http_access allow all domain_acl
http_access allow all domain_acl1
http_access allow all wild_car_domain_acl
http_access deny all

which should prevent others from using your proxy.
Hope all the above gives you an example of how it should be OK..

Eliezer

On 10/04/2013 12:08 AM, Reto Bachmann wrote:
> Hi,
>
> My squid acts as a reverse proxy in my DMZ to access several different servers in my LAN.
> webmail.domain.com -> Exchange Server
> intra.domain.com -> Intranet Server
> www.domain.com -> Public Webserver
>
> So for every server I defined a rule and this works fine.. But now I would like to
> add a "wildcard" rule, that *.domain.com will be redirected to the webserver.
> So if someone types ww.domain.com, it goes to the webserver. I found out that I
> can't use an acl with .domain.com and the two other acls webmail.domain.com
> and intra.domain.com at the same time since squid picks the first rule that matches.
> So webmail.domain.com sometimes goes to the Webserver....
>
> How can I manage squid to send all requests except the two FQDNs to www.domain.com?
>
> Regards,
> Reto
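
An added squid.conf sketch of the rule ordering discussed in this thread (it is not part of either e-mail and is not the poster's configuration). The peer names, ACL names, the 192.0.2.x addresses and plain HTTP on port 80 are assumptions made for illustration:

```conf
# Added example. All names and addresses are placeholders.
http_port 80 accel vhost defaultsite=www.domain.com

# One origin server per backend in the LAN.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=peer_webmail
cache_peer 192.0.2.20 parent 80 0 no-query originserver name=peer_intra
cache_peer 192.0.2.30 parent 80 0 no-query originserver name=peer_www

# The specific hosts and the wildcard are kept in separate ACLs.
acl dom_webmail dstdomain webmail.domain.com
acl dom_intra   dstdomain intra.domain.com
acl dom_any     dstdomain .domain.com

# Each peer has its own list, checked top-down; the first match decides.
cache_peer_access peer_webmail allow dom_webmail
cache_peer_access peer_webmail deny all

cache_peer_access peer_intra allow dom_intra
cache_peer_access peer_intra deny all

# The catch-all peer refuses the two specific hosts before the wildcard
# is tried, so webmail/intra can never land on the public web server.
cache_peer_access peer_www deny dom_webmail
cache_peer_access peer_www deny dom_intra
cache_peer_access peer_www allow dom_any
cache_peer_access peer_www deny all

# Only the published domain is served; everything else is refused,
# which keeps the box from acting as an open proxy.
http_access allow dom_webmail
http_access allow dom_intra
http_access allow dom_any
http_access deny all
```

Running `squid -k parse` against the edited file checks the syntax before the configuration is reloaded.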