Had a question about dst and dstdomain acls. Given the sample below: http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost acl www dstdomain www.example.com dev.example.com cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver round-robin cache_peer_access 10.10.10.1 allow www cache_peer_access 10.10.10.1 deny all ....... http_access allow www http_access deny all When someone tries to access the site by specifying an IP (192.168.100.1) instead of the name the client gets a standard access denied squid page. It seems that a separate acl needs to be defined for when someone tries to access the site using an IP? For instance: acl dst www_ip 192.168.100.1 If we wanted to pass to the backend we would need to add a extra cache_peer_access statement cache_peer_access 10.10.10.1 allow www_ip Then add: http_access allow www_ip Is that correct? If we wanted to not allow IP based requests we would still define the acl and use a http_access deny www_ip and then use deny_info to redirect or send a TCP Reset? Thanks. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
