<div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 28, 2025 at 9:47 PM Ervin Hegedüs <<a href="mailto:airween@gmail.com" target="_blank">airween@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi there,</div><div><br></div><div>I would like to allow a specific URL for a specific client. This is how I try to do that:</div><div><br></div><div><span style="font-family:monospace">acl wordpressgravity url_regex -i ^https?://s3\.amazonaws\.com\/gravityforms\/releases\/.*<br>acl vmapache1 src <a href="http://172.30.40.5/32" target="_blank">172.30.40.5/32</a><br></span></div><div><span style="font-family:monospace">http_access allow vmapache1 wordpressgravity</span></div></div></blockquote><div><br></div><div><font face="arial, sans-serif">Unless you are using SSL man-in-the-middle, Squid never sees the request URL for https.</font></div><div><font face="arial, sans-serif">What it sees is a CONNECT request to the domain <a href="http://s3.amazonaws.com" target="_blank">s3.amazonaws.com</a>; it never sees the full path.</font></div><div><font face="arial, sans-serif">This is intentional, by design of https.</font></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>The URL is something like this:</div><div><br><a href="https://s3.amazonaws.com/gravityforms/releases/gravityforms_2.9.2.zip?AWSAccessKeyId=AKblahblah4F&Expires=1712345678&Signature=0cblahblah%3D" target="_blank">https://s3.amazonaws.com/gravityforms/releases/gravityforms_2.9.2.zip?AWSAccessKeyId=AKblahblah4F&Expires=1712345678&Signature=0cblahblah%3D</a></div><div><br></div><div>but it does not work - I always get 403.</div><div><br></div><div>What do I do wrong?</div></div></blockquote><div><br></div><div>You can filter to the domain, using a combination of 3 acls:</div><div>- a CONNECT acl</div><div>- the vmapache1 acl</div><div>- a dstdomain acl for <a href="http://s3.amazonaws.com">s3.amazonaws.com</a></div><div><br></div><div>It's not possible to filter the path</div><div> </div></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">    Francesco</div></div>
</div>