How can I limit port 80 traffic to one vhost and port 443 traffic to a second
vhost? I want to be able to hit 1.2.3.4:80 and 5.6.7.8:443, and NOT be able to
access 1.2.3.4:443 or 5.6.7.8:80.
[root_at_calamari squid]# squid -v
Squid Cache: Version 2.6.STABLE21
[root_at_calamari squid]# cat /etc/squid/squid.conf
# SQUID 2.6.STABLE6
# Reverse-proxy (accelerator) setup: a plain-HTTP listener on 80 and a TLS
# listener on 443 in front of two origin servers, "web" and "owa".
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# NOTE(review): both listeners use "vhost", and the peer/access rules below
# select on dstdomain only, so nothing ties a site to the port the client
# connected on. An ACL of type "myport" (the local listening port) combined
# with the dstdomain ACLs in http_access / cache_peer_access is the usual way
# to express "web only on 80, mail only on 443" - verify against the
# documentation for this Squid version.
http_port 80 defaultsite=web.somesite.com vhost
https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
vhost
# ICP listener disabled (port 0).
icp_port 0
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
hosts_file /etc/hosts
dns_nameservers 1.1.1.1 1.1.1.2
url_rewrite_host_header off
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# Origin server "web": plain HTTP on port 80, used only for requests whose
# destination domain matches web_site.
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web
acl web_site dstdomain web.somesite.com
cache_peer_access web allow web_site
# webmail on port 443 outside, port 80 inside
# NOTE(review): the comment above says port 80 inside, but the peer line
# below connects to port 443 with "ssl" - confirm which is intended.
# NOTE(review): sslflags=DONT_VERIFY_PEER turns off validation of the origin
# server's certificate, and login=PASS forwards the client's credentials to
# that peer. The proxy-to-origin link is therefore encrypted but not
# authenticated; verifying the peer against a trusted CA would close that gap.
cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa
# NOTE(review): this ACL matches owa.somesite.com, while https_port sets
# defaultsite=mail.somesite.com; a request that falls back to the default
# site would not match owa_site - confirm which name is intended.
acl owa_site dstdomain owa.somesite.com
cache_peer_access owa allow owa_site
# NOTE(review): http_access rules are checked in order and the first match
# decides. These two allows come before the manager / Safe_ports / CONNECT
# denies further down, so a request for either domain is accepted without
# reaching those checks - confirm that is intended.
http_access allow web_site
http_access allow owa_site
# NOTE(review): global counterpart of the peer flag above; presumably disables
# certificate verification on other outgoing SSL connections - confirm.
sslproxy_flags DONT_VERIFY_PEER
hierarchy_stoplist cgi-bin ?
# Do not cache URLs containing cgi-bin or a query string.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 683 MB
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_dir ufs /sqcache/cache 35000 16 256
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
refresh_pattern . 0 20% 4320
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Cache-manager requests are allowed from localhost only; requests to ports
# outside Safe_ports and CONNECT to anything but SSL_ports are denied.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr monkey_at_somewhere.com
cache_effective_user squid
cache_effective_group squid
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow localhost
# Final catch-all: anything not matched by an earlier http_access rule is denied.
http_access deny all
http_reply_access allow all
# NOTE(review): icp_port is 0 above, so this should have no effect now; it
# would open ICP to every source if the listener were ever re-enabled.
icp_access allow all
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
visible_hostname calamari.some.site.com
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# TAG: httpd_accel_no_pmtu_disc on|off
# In many setups of transparently intercepting proxies Path-MTU
# discovery can not work on traffic towards the clients. This is
# the case when the intercepting device does not fully track
# connections and fails to forward ICMP must fragment messages
# to the cache server.
#
# If you have such setup and experience that certain clients
# sporadically hang or never complete requests set this to on.
#
#Default:
# httpd_accel_no_pmtu_disc off
# MISCELLANEOUS
# -----------------------------------------------------------------------------
log_icp_queries off
-- adam dirkmaat adirkmaat_at_gmail.com
Received on Mon Apr 18 2011 - 22:56:19 MDT