--On 11 February 2003 21:10 +1100 Robert Collins <robertc@squid-cache.org>
wrote:
> ...
> default rules here
> ...
>
> acl mybackend dst 192.168.50.50
> http_access allow mybackend
> http_access deny all
>
> Rob
This nets a "The requested URL could not be retrieved ... Accesss Denied"
being sent back to the client.
At the moment, I have www2.examplesite.com pointing to the accelerator -
and I'm using a director to re-write that to 'www.examplesite.com' (So I
can leave the original server alone until the accelerator is sorted out - I
should have said that before).
If I add:
acl mybackend dst 10.0.0.1 <- IP address of the accelerator
i.e. that www2.examplesite.com points to
It seems to work Ok.
If I submit a fake 'GET' with a host: header of www.intel.com - I get an
access denied back.
One interesting thing (which may have been tripping me up before) - If I
get the redirector code to change 'www2.examplesite.com' into
'www.intel.com' - Squid will honor the request, and go fetch intel's page -
even though a faked:
GET / HTTP/1.1
Host: www.intel.com
Nets an "Access Denied" response to the client. This would seem to indicate
that the ACL is applied before the headers are passed through the
redirector.
I think the end result is safe enough though. Thanks for your gentle guide
back in the right direction :)
Regards,
-Karl
Received on Tue Feb 11 2003 - 03:55:22 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:18 MST