mån 2003-03-10 klockan 15.51 skrev Hawk:
> Sorry for boring you again...this my confs:
>
> acl vdlhttp url_regex -i www.mysite.com/vdl dst_port 80
this matches case sensitive URL having any of the substrings "www[any
character]mysite[any character]com/vdl", "dst_port" or "80" in them.
Probably not what you want..
> http_access deny vdlhttp
> http_access allow all
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_single_host off
> httpd_accel_uses_host_header on
>
> with this configuration both https & http for that sites are denied
what you want is
acl vdl urlpath_regex ^/vdl
acl mysite dstdomain www.mysite.com
acl http_port_80 myport 80
http_access deny mysite vdl http_port_80
Another important note:
You do not want to run a accelerator with "http_access allow all".. You
MUST set up access controls on which destinations may be reached via the
accelerator. If not your accelerator can easily be abused as an open
proxy, bouncing via the accelerator to any server on on the Internet. It
is only a matter of minutes before such openly configured accelerator is
found and abused by hackers for purposes you absolutely have not
intended when setting up the accelerator..
Instead of http_access allow all you want something like this in an
accelerator:
acl my_sites dstdomain www.mysite.com www.myothersite.com ...
acl port80 port 80
acl http protocol http
http_access allow my_sites http port80
If the list of sites is long use an include file
acl my_sites dstdomain "/path/to/accelerated_sites.txt"
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Mon Mar 10 2003 - 08:43:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:59 MST