[squid-users] Conditional question

James Lay jlay at slave-tothe-box.net
Sat May 30 22:04:25 UTC 2015


On Sun, 2015-05-31 at 08:45 +1200, Amos Jeffries wrote:

> On 31/05/2015 4:48 a.m., James Lay wrote:
> > Per the docs:
> > 
> > #  Conditional configuration
> > #
> > #       If-statements can be used to make configuration directives
> > #       depend on conditions:
> > #
> > #           if <CONDITION>
> > #               ... regular configuration directives ...
> > #           [else
> > #               ... regular configuration directives ...]
> > #           endif
> > #
> > #       The else part is optional. The keywords "if", "else", and
> > "endif"
> > #       must be typed on their own lines, as if they were regular
> > #       configuration directives.
> > #
> > #       NOTE: An else-if condition is not supported.
> > #
> > #       These individual conditions types are supported:
> > #
> > #           true
> > #               Always evaluates to true.
> > #           false
> > #               Always evaluates to false.
> > #           <integer> = <integer>
> > #               Equality comparison of two integer numbers.
> > 
> > Anyone have any examples, documentation, heck ANYTHING that can show how
> > this works?  I can't seem to find a thing besides the above.
> 
> Those are for process controls (SMP, named services, etc).
> 
> >  My goal is
> > something like the below:
> > 
> > if port = 80
> >     http_access deny all
> > else
> >     http_access allow all
> > endif
> > 
> > But nothing I'm trying as the condition expression is working.  Thank
> > you.
> 
> The default Squid configuration should "just work"...
> 
>   http_access deny !Safe_ports
>   http_access deny CONNECT !SSL_Ports
>   ...
>   # this one permits the CONNECT *:443 requests to get bumped
>   http_access allow localnet
>   ..
>   http_access deny all
> 
> If you are using any other access controls on your client traffic you
> need to keep in mind that Squid is dealing with "CONNECT raw-IP:443 ..."
> requests in http_access / adapted_http_access / url_rewrite_access /
> adaptation_access / ssl_bump prior to bumping them.
> 
> Amos
> _______________________________________________


Thanks Amos....in starting from scratch I completely neglected to even
allow localnets...yugh!  Continuing on and will post my final results.

James

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150530/f68bcfb8/attachment.html>


More information about the squid-users mailing list