Re: [squid-users] Squid Reverse Proxy with regex matching

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Aug 2009 13:03:21 +1200

Chris Robertson wrote:
> Pachulski, Keith wrote:
>> I`m working on setting up squid to act as a reverse proxy on Solaris
>> 10. The reverse proxy part is working fine. However I want to be able
>> to control the types of traffic that is passed through the reverse
>> proxy to only allow what I want. This part I have had 0 success with.
>> Can someone please send me a template for what the setup would like
>> look for doing regex pattern matching to only allow certain patterns
>> and deny all other traffic. Here is a copy of the config as I have in
>> there now for the proxy:
>>
>> cache_peer X.X.X.X parent 80 0 no-query originserver name=servername
>> cache_peer_access servername allow internal cache_peer_access
>> servername deny all acl internal dstdomain some.internal.server
>> http_access allow internal
>>
>> Attempted to do the following with no luck:
>>
>> acl allowtraffic url_regex -i "/etc/squid/allowtraffic.acl"
>> http_access allow allowtraffic internal
>> http_access deny all
>>
>
> cache_peer X.X.X.X parent 80 0 no-query originserver name=servername
> cache_peer_access servername allow internal
> cache_peer_access servername deny all
> acl internal dstdomain some.internal.server
> acl allowtraffic url_regex -i "/etc/squid/allowtraffic.acl"
> http_access allow internal allowtraffic
> http_access deny all
>
> Chris
>

Please not though one of the prime rule-of-thumbs on making your Squid
run efficiently and fast:

   avoid regex ACL.

NP: with the 'internal' ACL already taking care of domains the regex can
be reduced to urlpath_regex for a shorter and slightly faster pattern match.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Fri Aug 28 2009 - 01:03:33 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 28 2009 - 12:00:03 MDT