Hi
This config u have suggested we use may not be able to support what we
like:
How would this access-list cope with a website like this:
http://nww.nhsmessaging.co.uk/ or
www.nhs.uk - this should go direct but
nww.nhs.uk needs to go to peer
acl NWW dstdom_regex \.?nww\.
acl NHS dstdomain .nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW
-Original Message-
From: Chris Robertson [mailto:[EMAIL PROTECTED]
Sent: 19 September 2006 19:56
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL (Is this Possible)
Mehmet, Levent (Accenture) wrote:
All
I currently have a setup which sends different domains to different
Cache_peers. This has been working fine with the below config.:
cache_peer 1.1.1.1 parent 80 80 no-query cache_peer 2.2.2.2 parent 80
80 no-query cache_peer 3.3.3.3 parent 3128 3130 no-query
cache_peer_domain 3.3.3.3 parent nww. .nhs.uk
Hmmm... I don't think that text followed by a dot is valid syntax for
cache_peer_domain or dstdomain. I'd advise making a dstdom_regex acl
and using cache_peer_access for this peer. Something like...
acl NWW dstdom_regex \.?nww\.
acl NHS dstdomain .nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW
...in addition to the other rules you have listed.
cache_peer_domain 1.1.1.1 parent .gsi.gov.uk cache_peer_domain 2.2.2.2
parent .gsi.gov.uk
acl NHS dstdomain nww. .nhs.uk
Obviously, this ACL should be adjusted as shown above.
acl GSI dstdomain .gsi.gov.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 1.1.1.1 allow GSI
never_direct allow NHS
never_direct allow GSI
When trying to access http://nww.nhs.uk this goes via the correct path
of 3.3.3.3, but our clients now wish to access the following websites,
which cause a conflict: http://nww.nhsmessaging.co.uk/ Web sites like
this cause me a issue because of the .co.uk which tries to go direct
and nww tries to go via 3.3.3.3, also with
http://www.pasa.nhs.uk/cat_default.asp www. Go direct and the nhs.uk
tries to go via 3.3.3.3. This is a major show stopper for the company.
Is there a way around this as we need to send all nww down 3.3.3.3
Thanks
Levent Mehmet
Network Analyst
Server and Network Team
[EMAIL PROTECTED] Operate Unit
Market Towers, 20th Floor
1 Nine Elms Lane
London
SW8 5NQ
E-mail: [EMAIL PROTECTED]
Phone: +44 20 7084 3517
Fax: +44 20 7084 2536
Chris
PLEASE NOTE: THE ABOVE MESSAGE WAS RECEIVED FROM THE INTERNET.
On entering the GSI, this email was scanned for viruses by the
Government Secure Intranet (GSi) virus scanning service supplied
exclusively by Cable Wireless in partnership with MessageLabs.
In case of problems, please call your organisational IT Helpdesk.
The MessageLabs Anti Virus Service is the first managed service to
achieve the CSIA Claims Tested Mark (CCTM Certificate Number
2006/04/0007), the UK Government quality mark initiative for information
security products and services. For more information about this please
visit www.cctmark.gov.uk
This email and any files transmitted with it are confidential. If you are not
the intended recipient, any reading, printing, storage, disclosure, copying or
any other action taken in respect of this email is prohibited and may be
unlawful.
If you are not the intended recipient, please notify the sender immediately by
using the reply function and then permanently delete what you have
received.Incoming and outgoing email messages are routinely monitored for
compliance with the Department of Healths policy on the use of electronic
communications.
For more information on the Department of Healths email policy, click
http;//www.doh.gov.uk/emaildisclaimer.htm
The original of this email was scanned for viruses by Government Secure
Intranet (GSi) virus scanning service supplied exclusively by Cable Wireless
in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the
CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk