On 19/03/2014 6:28 a.m., admered1 wrote: > Sorry for answering my own post, but I have found the solution to this > problem. So for the benefit of those that might also want to know... > > cache_peer core.example.com parent 443 0 no-query originserver login=PASS > ssl sslflags=DONT_VERIFY_PEER name=ssl-www.example.com > acl wwwssl-name_acl dstdomain www.example.com > acl wwwssl-port_acl port 443 > http_access allow wwwssl-name_acl wwwssl-port_acl > cache_peer_access ssl-www.example.com allow wwwssl-name_acl wwwssl-port_acl > cache_peer_access ssl-www.example.com deny all > > The trick is in the fact that if you supply two acls to a cache_peer_access > or http_access command, then the two are logically ANDed. So in the above, > the http_access and cache_peer_access both require the requested host to be > www.example.com AND port 443. > For the record you can also use "proto" ACLs with value HTTP or HTTPS. And "myportname" ACLs with the http_port / https_port name label to identify the traffic. Amos
