Re: stupid newbie question all over again...

From: Duane Wessels <wessels@dont-contact.us>
Date: Fri, 11 Jul 97 14:13:42 -0700

mattp@internex.net writes:

>What I've done on the firewall router is ONLY allow port
>80 through from the Squid server outside. I'd like to
>allow employees who are outside the firewall to connect
>from specific IP addresses to the Squid server on port 80,
>and have it proxy the requests through the firewall to
>the actual webserver inside. This way, I can use an
>acl in the squid.conf file to list those IP's that
>should be allowed to connect.
>
>I _also_ want to be able to run a general purpose cache
>on port 3128. Is it possible to:
>
>a). Run both a caching server on port 3128, and an
> accelerator on port 80 for an internal machine?

You could sort of do this if you applied the patch at
http://squid.nlanr.net/Squid/1.1/1.1.10/multiple-ports.patch

But Squid would treat both ports the same. Both would
accept HTTP and proxy-http requests.

>b). Have different acl's for the port 80 and port 3128
> access?
>
>c). Ensure that objects in the cache from the port 80
> acceleration cannot be fetched via queries to port 3128
> unless the client host meets the acl requirements for
> the port 80 connection.

No. :-(

But with a bit of hacking you could probably extend the ACL features to
do this. You would want to check the local port number. Then specify
something like

      acl proxy localport 3128
      acl accel localport 80
      acl blah1 dstdomain internal.blah.blah
      http_access deny blah1 !accel

Duane W.
Received on Fri Jul 11 1997 - 14:17:02 MDT
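
A small Python model of how the rules sketched above would evaluate, added here as an illustration; it is not part of the original message or of Squid's code. It assumes the hypothetical `localport` ACL type from the message, first-match `http_access` evaluation, and a constructed `staff` source range (192.0.2.0/28) plus three extra access lines that are not in the message.

```python
import ipaddress

# ACL definitions. "localport" is the hypothetical type from the message;
# the "staff" range is a constructed documentation prefix.
ACLS = {
    "proxy": ("localport", {3128}),
    "accel": ("localport", {80}),
    "blah1": ("dstdomain", {"internal.blah.blah"}),
    "staff": ("src", [ipaddress.ip_network("192.0.2.0/28")]),
}

# http_access lines in order. Only the first is from the message; the
# rest are assumptions that complete the policy.
RULES = [
    ("deny", ["blah1", "!accel"]),
    ("allow", ["accel", "blah1", "staff"]),
    ("deny", ["accel"]),
    ("allow", ["proxy"]),
]


def acl_matches(name, req):
    kind, values = ACLS[name]
    if kind == "localport":
        return req["localport"] in values
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in net for net in values)
    if kind == "dstdomain":
        host = req["host"].lower().rstrip(".")  # normalise case and trailing dot
        return host in values
    raise ValueError(f"unknown ACL type: {kind}")


def http_access(req):
    """First line whose ACLs all match decides; '!' negates one ACL."""
    for action, terms in RULES:
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action
    # No line matched: the default is the opposite of the last line.
    return "deny" if RULES[-1][0] == "allow" else "allow"


def request(port, src, host):
    return {"localport": port, "src": src, "host": host}
```

With these rules the internal site is reachable only through port 80 from the listed addresses, and the first line keeps it unreachable through port 3128 even for those addresses.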
