On 10/06/11 09:34, errno wrote:
>
> I've got squid conf that looks a bit like the following snippet:
>
> # ...
> acl ip-192.168.1.2 myip 192.168.1.2
>
> http_port 192.168.1.2:80 name=ip-192.168.1.2
> http_port 192.168.1.2:8080 name=ip-192.168.1.2
>
> tcp_outgoing_address 192.168.1.2 ip-192.168.1
> # ...
>
>
> Question: do those http_port directives need to have
> unique 'name=' entries?
unique.
> Or can they all share the
> same name? Also - and perhaps more importantly,
> is there any similar(ish) problems with the way I've
> named the 'myip' acl the same as the http_port names?
myip is at the mercy of the interception lookups.
myportname only depends on what you put in squid.conf and which actual
listening port the traffic arrives on.
The ACL values can of course list several port name= values if you want
several ports grouped to be handled the same.
>
> I tested the above and things _appear_ to be working
> as expected, but... I'm still wondering whether there
> might be subtle issues with the above config.
The only subtle problem I have been able to think of is that wildcard
listening ports are neutral/agnostic of the packets arriving on them.
The name is fixed with the actual receiving port on Squid, not the
client visible IP.
This is by design, but can be confusing to some who don't realize how
wildcard ports work. Particularly when dealing with multiple IPs spread
over multiple protocols.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.8 and 3.1.12.2Received on Fri Jun 10 2011 - 07:09:45 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 10 2011 - 12:00:01 MDT