I have an HTTP accelerator I would like to do SSL with. I have been playing
around with SSL acell in 2.5pre10, and I seem to like it so far. I'm a bit
baffled about how one might go about setting up ACLs to prevent a particular
URL from being accessed through port 80, but ok via SSL...
For example, given URLs like this:
http://cmanager/foo
https://cmanager/foo
The redirector I'm running takes anything going to ^http://cmanager/ and
sends it to a backend http server on port 80... the first in the above list
would ideally be rejected, and the second allowed, but I can't seem to set
up an ACL that would do this.
For example, the following does not work, because https access is blocked as
well as http:
acl cmanager url_regex -i cmanager
acl SSLUrls url_regex ^https
http_access deny !SSLUrls cmanager
I've also tried:
http_access deny !SSL_ports cmanager
That doesn't work either.
I suspect that the SSL accel machinery makes squid's acl machinery handle
the URL like a normal http URL, since my redirector rule (that works) is
passed an HTTP URL by squid even on an HTTPS access.
Any thoughts on how/if this can be done with the current state of SSL accel
support?
Sean
+-----------------------------------------------------------
| Sean Upton
| Site Technology Supervisor SignOnSanDiego.com
| Development & Integration The San Diego Union-Tribune
| 619.718.5241 sean.upton@uniontrib.com
| PATH_TO_THE_DARK_SIDE = 'c:\winnt\system32'
+-----------------------------------------------------------
Received on Sun Aug 18 2002 - 23:26:22 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:44 MST