AW: [squid-users] HTTP Accellerator

From: Harald Scharf <>
Date: Tue, 20 Mar 2001 11:41:25 +0100

Thanx for your help, but the problem seems to be another :

if i make the ACL Setup how you described,
the proxy redirector only works for the lokal sites.
For example :
if i configure a remote browser without any proxy setting, and
i use your the ACL :

>> acl localsites dstdomain ....
>> acl all src
>> acl http proto http
>> acl port80 port 80
>> http_access allow localsites http port80
>> http_access allow cachemgr management_servers
>> http_access deny all

then the redirector denies every rewrite of the domain, which is not listed
the ACL List.
But the Proxy makes a Rewrite of the URL, if the browser is
configured with the redirector Proxy as http proxy.
And the Redirector rewrites ANY url.
If it is not listed in the perl script, then the Proxy fetches the site from
origin server.

I used the simple PERL redirector from the squid howtos

Did i make a very bad configuration mistake ?

-----Ursprüngliche Nachricht-----
Von: []
Gesendet: Montag, 19. März 2001 20:07
An: Harald Scharf
Cc: ''
Betreff: Re: [squid-users] HTTP Accellerator

### Local Access lists ###

# local accelerated domains
# (can also use dst ACL type to list the server addresses
# instead of domains)
acl localsites dstdomain ....

# management servers that can host cachemgr.cgi or use client
# to access cachemgr info/statistics
acl management_servers src ...

### END of local access lists ###

# Other useful definitions (static)
acl all src
acl http proto http
acl port80 port 80
acl cachemgr proto cache_object

# Allow world access to localsites
http_access allow localsites http port80
# Allow magagement servers access to cachemgr
http_access allow cachemgr management_servers
# Deny all else
http_access deny all

Henrik Nordstrom
Squid hacker
Harald Scharf wrote:
> Hello to all,
> Im running Squid Version 2.3.STABLE2 as an http accellerator and a proxy
> server.
> The redirector works well with a simple perl script, but i have big
> problems,
> to tell squid, that he should only answer query for local domains.
> The Probelm is :
> Everybody in the world can enter a simple proxy setting for :
> and the accellerator friendly makes this requets for the remote client.
> I tried some acls like :
> acl localsites dstdomain ...
> acl clients src
> acl otherdsites
> http_access allow localsites
> http_access allow clients
> http_access deny othersites
> With this rules i could not obtain, that squid only serves for his local
> domains.
> heeeeelp, please....
> thx
> Harald Scharf
Received on Tue Mar 20 2001 - 03:41:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:44 MST