Drew Wrobel wrote:
> Amos,
>
> I'm sorry that I didn't report the version of Squid that I am running.
>
> Currently I am running 2.6 STABLE 22. I will be upgrading to the latest 2.7 or 3.0 in the near future.
>
> Here is what I have in my squid.conf with the changes that you suggested:
>
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl SSL_ports port 443
> acl CONNECT method CONNECT
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> coredump_dir /var/cache/squid
> http_port 80 accel vport
> cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS
> acl mainSite dstdomain www-dev1.company.com
> http_access allow mainSite
> cache_peer_access 172.21.174.78 allow mainSite
> cache_peer_access 172.21.174.78 deny all
> acl otherSites dstdomain .company.com
> deny_info http://www-dev1.company.com/ otherSites
> http_access deny otherSites
> http_access deny all
> icp_access deny all
> forwarded_for off
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> delay_pool_uses_indirect_client on
> log_uses_indirect_client on
> logformat combined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
> access_log /var/log/squid/access.log combined
> collapsed_forwarding on
> vary_ignore_expire on
> cache_effective_user squid
> cache_store_log none
> client_db off
> cache_mem 512 MB
> cache_dir ufs /var/cache/squid 3000 10 10
>
> I see the following in my squid access logs:
>
> www-dev4.pepboys.com 172.21.84.170 - - [05/Jan/2010:12:02:56 -0500] "GET http://172.21.219.60/ HTTP/1.1" 302 385 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6" TCP_DENIED:NONE
>
> Does it matter that the changes are being reported as a 302 instead of a 301?
>

302 indicates a temporary move, 301 a permanent move. I don't think
it's possible to redirect using a 301 with deny_access.

> I don't know if it does or not.
>

Besides a little wasted bandwidth (with a 301 the client is more likely
to "remember" and perform the redirection locally instead of hitting
your deny_info rule), probably not.

> Thanks,
>
> Drew

Chris
Received on Wed Jan 06 2010 - 00:14:41 MST
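
An added example, not part of the original thread: a parser for the `combined` logformat defined in the quoted squid.conf, used to pick out requests that were answered by a deny_info redirect (logged as TCP_DENIED with a 3xx status, as in the log line above). The function names and the second and third sample lines are constructed for illustration.

```python
import re

# Matches the "combined" logformat from the squid.conf quoted in the thread:
# %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
#   "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
_Q = r'(?:[^"\\]|\\.)*'  # body of a quoted field; tolerates backslash-escaped quotes
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>' + _Q + r')" "(?P<agent>' + _Q + r')" '
    r'(?P<squid_status>\w+):(?P<hierarchy>\w+)$'
)

def parse_line(line):
    """Return a dict of fields for one access.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    return rec

def deny_info_redirects(lines):
    """Records that Squid denied and answered with a redirect (TCP_DENIED + 3xx)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["squid_status"] == "TCP_DENIED" and 300 <= rec["status"] < 400:
            hits.append(rec)
    return hits

SAMPLE = [
    # Log line quoted in the thread
    'www-dev4.pepboys.com 172.21.84.170 - - [05/Jan/2010:12:02:56 -0500] "GET http://172.21.219.60/ HTTP/1.1" 302 385 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6" TCP_DENIED:NONE',
    # Constructed: request allowed and forwarded to the parent
    'www-dev1.company.com 192.0.2.10 - - [05/Jan/2010:12:03:01 -0500] "GET http://www-dev1.company.com/ HTTP/1.1" 200 5120 "-" "curl/7.19.7" TCP_MISS:ROUND_ROBIN_PARENT',
    # Constructed: denial without a redirect, with escaped quotes in the User-Agent
    'example.org 192.0.2.11 - - [05/Jan/2010:12:03:05 -0500] "GET http://example.org/ HTTP/1.1" 403 1320 "-" "agent \\"x\\"" TCP_DENIED:NONE',
]

if __name__ == "__main__":
    for rec in deny_info_redirects(SAMPLE):
        print(rec["time"], rec["client"], rec["url"], rec["status"])
```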