On 10-Jul-96 Duane Wessels wrote:
# B.Duebi@zrh.sc.philips.com writes:
#
# >Hi everybody,
# >
# >Philips has a worldwide company WAN. Within this Intranet there are many web
# >servers. Most of them are not known in the DNS, so they are referenced with IP
# >numbers.
# >I have two non squid/harvest parents. One is a firewall and the other is
# >somewhere in the WAN. The firewall rejects all requests to servers within
# >philips.com. My idea was, to fetch all URLs within the WAN and philips.com
# >(this is not the same) form the proxy and everything else from the firewall.
# >Though I setup the follwing rule:
# >
# >cache_host firewall.philips.com parent 80 7
# >cache_host proxy.philips.com parent 80 7
# >cache_host_domain firewall.philips.com !.philips.com
# >
# >But how can I tell squid/cached to fetch URLs with IP numbers only from the
# >proxy and not from the firewall ?
#
# Bernhard,
#
# I'm not positive, but I think you can do it like this:
#
# acl WAN dst 192.1.0.0/16 # list your WAN networks
#
# cache_host_acl firewall.philips.com !WAN
#
# If that works, please write back to the squid-users list and let everyone
# know.
#
# Duane W.
Sorry about the delay, but even Sysadmins need some vacation.
Ok, your hint works. I removed all cache_host_domain entries and changed to
cache_host_acl. It looks as follows:
inside_firewall philips.com
local_domain zrh.sc.philips.com
acl WAN dst 130.144.0.0/16
acl Philips domain .philips.com
acl SemiCon domain .semiconductors.philips.com
acl Europe domain .ch .de .fi .nl .se .dk
acl NonEuro domain .edu .org .net .us .jp .tw
cache_host_acl proxy.philips.com SemiCon
cache_host_acl firewall.philips.com !WAN
cache_host_acl firewall.philips.com !Philips
cache_host_acl firewall.philips.com !Europe
cache_host_acl proxy.philips.com !NonEuro
The WAN acl I need to redirect numeric URLs to the proxy. The Philips acl I
need to redirect requests inside the WAN to the proxy. The Europe acl and the
NonEuro acl I use to keep the parents up, because they don't reply to ICP
requests.
Now my problem. www.semiconductors.philips.com is inside philips.com but
outside the firewall. With the SemiCon acl I wanted to tell squid to fetch the
requests always from the proxy. But squid always tries to fetch the pages
directly. Is there an other possibility to fix this problem than change
inside_firewall to none ?
TIA
Bernhard
Philips Semiconductors
----------------------------------------------------------
Telecom Product Group Berhard Duebi
Binzstrasse 44 System Manager
Postfach E-Mail: B.Duebi@zrh.sc.philips.com
CH-8045 Zuerich Fax: +41 1 465 18 06
Switzerland Voice: +41 1 465 15 40
Received on Mon Aug 05 1996 - 04:41:01 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:45 MST