Re: stupid newbie question all over again...

From: Duane Wessels <>
Date: Fri, 11 Jul 97 14:13:42 -0700 writes:

>What I've done on the firewall router is ONLY allow port
>80 through from the Squid server outside. I'd like to
>allow employees who are outside the firewall to connect
>from specific IP addresses to the Squid server on port 80,
>and have it proxy the requests through the firewall to
>the actual webserver inside. This way, I can use an
>acl in the squid.conf file to list those IP's that
>should be allowed to connect.
>I _also_ want to be able to run a general purpose cache
>on port 3128. Is it possible to:
>a). Run both a caching server on port 3128, and an
> accelerator on port 80 for an internal machine?

You could sort of do this if you applied the patch at

But Squid would treat both ports the same. Both would
accept HTTP and proxy-http requests.

>b). Have different acl's for the port 80 and port 3128
> access?
>c). Ensure that objects in the cache from the port 80
> acceleration cannot be fetched via queries to port 3128
> unless the client host meets the acl requirements for
> the port 80 connection.

No. :-(

But with a bit of hacking you could probably extend the ACL features to
do this. You would want to check the local port number. The specify
something like

      acl proxy localport 3128
      acl accel localport 80
      acl blah1 dstdomain internal.blah.blah
      http_access deny blah1 !accel

Duane W.
Received on Fri Jul 11 1997 - 14:17:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:44 MST