Re: [squid-users] intercepting and normal modes together?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 14 May 2012 09:57:11 +1200

On 14.05.2012 06:48, Eliezer Croitoru wrote:
> as you can see in the acl documentation at:
> http://www.squid-cache.org/Doc/config/acl/
>
> it seems like what you need is myport that you mentioned.
> there is no need whatsoever for this to use two squid instances.
> you should restrict the http_access to be more explicit such as:
>
> http_port 192.168.0.254:3128
> http_port 192.168.0.254:3129 intercept
> acl localnet src 192.168.0.0/24
> acl NormalAccess myport 3128
> acl AntiVirusUpd myport 3129

"myport" ACL only works reliably for forward-proxy traffic. Intercepted
traffic has the original destination port (can be 80 or whatever
sometimes, depending on the NAT system internals).

Use "myportname" ACL instead when intercept, tproxy or accel mode
traffic is being handled.

   acl NormalAccess myportname 192.168.0.254:3128
   acl AntiVirusUpd myportname 192.168.0.254:3129

(or use name= option to http_port to set a custom name label for
matching.)

NP: your naming of "AntiVirusUpd" is a bit deceptive. It's not just AV
which are caught, but any software trying to avoid the proxy or not
supporting HTTP proxy properly.

Amos
Received on Sun May 13 2012 - 21:57:16 MDT
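
The name= variant mentioned in the reply, written out as a squid.conf fragment. This is an added example, not part of the original message; the labels "forward" and "nat" and the ACL name "Intercepted" are assumptions, while the addresses and ports are the ones from the thread.

```conf
# Constructed example. Listener addresses come from the thread;
# the name= labels below are illustrative assumptions.
http_port 192.168.0.254:3128 name=forward
http_port 192.168.0.254:3129 intercept name=nat

acl localnet src 192.168.0.0/24

# Unreliable form from the quoted message, kept commented for comparison.
# For intercepted traffic the port seen by "myport" can be the original
# destination port (80 or something else, depending on the NAT system),
# so an ACL on 3129 may never match.
# acl NormalAccess myport 3128
# acl AntiVirusUpd myport 3129

# Match on the listener's name label instead of a port number.
acl NormalAccess myportname forward
acl Intercepted  myportname nat

# Tie each rule to both the client network and the listener that
# accepted the connection, then deny everything else.
http_access allow localnet NormalAccess
http_access allow localnet Intercepted
http_access deny all
```

Running `squid -k parse` against the edited file checks it for syntax errors before a reconfigure.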
