Re: [squid-users] How to limit requests to port 80 for specific vhost

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 19 Apr 2011 13:05:14 +1200

 On Mon, 18 Apr 2011 18:56:08 -0400, adam dirkmaat wrote:
> How can I limit 80 traffic to one vhost and 443 traffic to a second
> vhost.  I want to be able to hit 1.2.3.4:80 & 5.6.7.8:443, and NOT
> access 1.2.3.4:443 & 5.6.7.8:80?
>
>
 <snip>
>
> http_port 80 defaultsite=web.somesite.com vhost
>
> https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
> key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
> vhost
>
 <snip>

 NP: for future-proofing the config add "accel" flag right after the
 port number. It is a no-op in these 2.x, but current releases are
 requiring it to be there.

 Add:
  acl HTTP proto HTTP
  acl HTTPS proto HTTPS

>
> cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web
>
> acl web_site dstdomain web.somesite.com
>
> cache_peer_access web allow web_site
>

 Change: cache_peer_access web allow HTTP web_site

>
>
> # webmail on port 443 outside, port 80 inside
>
> cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
> front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa
>
> acl owa_site dstdomain owa.somesite.com
>
> cache_peer_access owa allow owa_site
>

 Change: cache_peer_access owa allow HTTPS owa_site

>
>
> http_access allow web_site

 Change: http_access allow HTTP web_site

>
> http_access allow owa_site

 Change: http_access allow HTTPS owa_site

>
> cache_store_log /var/log/squid/store.log

 NP: that can die. Change: cache_store_log none

>
> cache_dir ufs /sqcache/cache 35000 16 256
>

 35 GB with UFS is *very* slow. Consider AUFS or DiskD

 <snip>
>
> -----------------------------------------------------------------------------
>
> acl all src 0.0.0.0/0.0.0.0

 Change: acl all src all

 Amos
Received on Tue Apr 19 2011 - 01:05:18 MDT
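
The effect of the changes suggested in this reply, as an added example that is not part of the original thread and is not Squid code: a simplified Python model of how `http_access` and `cache_peer_access` lines are evaluated, run over the rules before and after the `proto` ACLs are added. The function names are hypothetical, and the `<snip>`ped parts of the configuration are not modelled.

```python
# Simplified model of Squid access-list evaluation (added example, not Squid code).
# Hostnames and rules are taken from the thread; snipped config lines are not modelled.

ACLS = {
    "HTTP": lambda r: r["proto"] == "HTTP",       # acl HTTP proto HTTP
    "HTTPS": lambda r: r["proto"] == "HTTPS",     # acl HTTPS proto HTTPS
    "web_site": lambda r: r["host"] == "web.somesite.com",
    "owa_site": lambda r: r["host"] == "owa.somesite.com",
}

# Rules as originally posted: only the destination domain is checked.
BEFORE = {
    "http_access": [("allow", ["web_site"]), ("allow", ["owa_site"])],
    "web": [("allow", ["web_site"])],             # cache_peer_access web ...
    "owa": [("allow", ["owa_site"])],             # cache_peer_access owa ...
}
# Rules after the changes in the reply: protocol AND domain must match.
AFTER = {
    "http_access": [("allow", ["HTTP", "web_site"]), ("allow", ["HTTPS", "owa_site"])],
    "web": [("allow", ["HTTP", "web_site"])],
    "owa": [("allow", ["HTTPS", "owa_site"])],
}

def check(rules, req):
    """First line whose ACLs all match decides; if none match,
    the result is the opposite of the last line's action."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action == "allow"
    return rules[-1][0] != "allow"

def route(cfg, proto, host):
    """Return the cache_peer name selected for a request, or why it fails."""
    req = {"proto": proto, "host": host}
    if not check(cfg["http_access"], req):
        return "DENIED"
    peers = [p for p in ("web", "owa") if check(cfg[p], req)]
    return peers[0] if peers else "NO_PEER"

def matrix(cfg):
    """Outcome for every protocol/vhost combination."""
    return {(p, h): route(cfg, p, h)
            for p in ("HTTP", "HTTPS")
            for h in ("web.somesite.com", "owa.somesite.com")}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for (proto, host), result in matrix(cfg).items():
            print(f"{label:6} {proto:5} {host:18} -> {result}")
```
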
