Search squid archive

Dst and dstdomain ACLs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Had a question about dst and dstdomain acls.  Given the sample below:

http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost
acl www dstdomain www.example.com dev.example.com
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver
round-robin
cache_peer_access 10.10.10.1 allow www
cache_peer_access 10.10.10.1 deny all
.......
http_access allow www
http_access deny all

When someone tries to access the site by specifying an IP
(192.168.100.1) instead of the name the client gets a standard access
denied squid page.  It seems that a separate acl needs to be defined for
when someone tries to access the site using an IP?  For instance:
acl dst www_ip 192.168.100.1
 
If we wanted to pass to the backend we would need to add a extra
cache_peer_access statement
 cache_peer_access 10.10.10.1 allow www_ip

Then add:
http_access allow www_ip

Is that correct?  If we wanted to not allow IP based requests we would
still define the acl and use a http_access deny www_ip  and then use
deny_info to redirect or send a TCP Reset?  Thanks.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux