[squid-users] Dst and dstdomain ACLs
creditu at eml.cc
Fri Jan 20 02:01:11 UTC 2017
Had a question about dst and dstdomain acls. Given the sample below:

http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost
acl www dstdomain www.example.com dev.example.com
cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver round-robin
cache_peer_access 10.10.10.1 allow www
cache_peer_access 10.10.10.1 deny all
.......
http_access allow www
http_access deny all

When someone tries to access the site by specifying an IP
(192.168.100.1) instead of the name the client gets a standard access
denied squid page. It seems that a separate acl needs to be defined for
when someone tries to access the site using an IP? For instance:
acl www_ip dst 192.168.100.1
If we wanted to pass to the backend we would need to add an extra
cache_peer_access statement
cache_peer_access 10.10.10.1 allow www_ip
Then add:
http_access allow www_ip
Is that correct? If we wanted to not allow IP based requests we would
still define the acl and use a http_access deny www_ip and then use
deny_info to redirect or send a TCP Reset? Thanks.
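
The deny variant described at the end of the post, written out as an added squid.conf example that is not part of the original message. It reuses the poster's addresses and ACL names; the rule ordering and comments are this example's own.

```conf
# Added example, not from the original post.
http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost

# Host names the accelerator is meant to serve.
acl www dstdomain www.example.com dev.example.com

# dst matches the resolved address of the URL host. With vhost the URL host
# comes from the Host: header, so a request for http://192.168.100.1/ matches,
# and so does any host name that resolves to 192.168.100.1.
acl www_ip dst 192.168.100.1

cache_peer 10.10.10.1 parent 80 0 no-query no-digest originserver round-robin
cache_peer_access 10.10.10.1 allow www
cache_peer_access 10.10.10.1 deny all

# deny_info is selected by the last ACL on the http_access line that denied
# the request. TCP_RESET closes the connection instead of sending an error page.
deny_info TCP_RESET www_ip

# http_access is first-match. The published names are allowed first, so they
# are unaffected even if they resolve to 192.168.100.1. The www_ip deny has to
# come before "deny all" so that www_ip, not all, is the ACL that denies.
http_access allow www
http_access deny www_ip
http_access deny all
```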