[squid-users] Conditional question

[Amos Jeffries]

On 31/05/2015 4:48 a.m., James Lay wrote:
> Per the docs:
> 
> #  Conditional configuration
> #
> #       If-statements can be used to make configuration directives
> #       depend on conditions:
> #
> #           if <CONDITION>
> #               ... regular configuration directives ...
> #           [else
> #               ... regular configuration directives ...]
> #           endif
> #
> #       The else part is optional. The keywords "if", "else", and
> "endif"
> #       must be typed on their own lines, as if they were regular
> #       configuration directives.
> #
> #       NOTE: An else-if condition is not supported.
> #
> #       These individual conditions types are supported:
> #
> #           true
> #               Always evaluates to true.
> #           false
> #               Always evaluates to false.
> #           <integer> = <integer>
> #               Equality comparison of two integer numbers.
> 
> Anyone have any examples, documentation, heck ANYTHING that can show how
> this works?  I can't seem to find a thing besides the above.

Those are for process controls (SMP, named services, etc).

>  My goal is
> something like the below:
> 
> if port = 80
>     http_access deny all
> else
>     http_access allow all
> endif
> 
> But nothing I'm trying as the condition expression is working.  Thank
> you.

The default Squid configuration should "just work"...

  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_Ports
  ...
  # this one permits the CONNECT *:443 requests to get bumped
  http_access allow localnet
  ..
  http_access deny all

If you are using any other access controls on your client traffic you
need to keep in mind that Squid is dealing with "CONNECT raw-IP:443 ..."
requests in http_access / adapted_http_access / url_rewrite_access /
adaptation_access / ssl_bump prior to bumping them.

Amos