On 19/03/2014 6:28 a.m., admered1 wrote:
> Sorry for answering my own post, but I have found the solution to this
> problem. So for the benefit of those that might also want to know...
>
> cache_peer core.example.com parent 443 0 no-query originserver login=PASS
> ssl sslflags=DONT_VERIFY_PEER name=ssl-www.example.com
> acl wwwssl-name_acl dstdomain www.example.com
> acl wwwssl-port_acl port 443
> http_access allow wwwssl-name_acl wwwssl-port_acl
> cache_peer_access ssl-www.example.com allow wwwssl-name_acl wwwssl-port_acl
> cache_peer_access ssl-www.example.com deny all
>
> The trick is in the fact that if you supply two acls to a cache_peer_access
> or http_access command, then the two are logically ANDed. So in the above,
> the http_access and cache_peer_access both require the requested host to be
> www.example.com AND port 443.
>
For the record you can also use "proto" ACLs with value HTTP or HTTPS.
And "myportname" ACLs with the http_port / https_port name label to
identify the traffic.
Amos
Received on Tue Mar 18 2014 - 20:26:53 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 19 2014 - 12:00:05 MDT