On Tue, 28 Oct 2003, franklin lecointre wrote:
> acl IGA port 3127
> acl IGA_ass dstdomain "/usr/local/squid/etc/sites_assurances"
> http_access allow IGA_ass
> http_access deny IGA
> http_access deny all
>
> acl IGA_T port 3128
> acl IGA_info dstdomain "/usr/local/squid/etc/sites_informatiques"
> http_access allow IGA_info
> http_access deny IGA_T
> http_access deny all
I think you want
acl IGA myport 3127
acl IGA_ass dstdomain "/usr/local/squid/etc/sites_assurances"
http_access allow IGA IGA_ass
http_access deny IGA
[and similar block of rules for IGA_T]
http_access deny all
To match the proxy port where the request was accepted you need to use the
myport acl. The port acl matches the port of the requested URL.
http_access is a sequencial list of rules. The first rule where all acl
elements are true will tell if the request is allowed or denied.
http_access allow IGA IGA_ass
thus only allows access if the request was received on port 3127 and the
requested domain name is listed in sites_assurances.
http_access allow IGA
http_access allow IGA_ass
on the other hand allows access if the request was received on port 3127
OR the requested domain name is listed in sites_assurances, with no
connection between the two ACL elements.
Regards
Henrik
Received on Tue Oct 28 2003 - 13:31:50 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:43 MST