Then see the Squid FAQ on debugging access controls. Regards Henrik
On Monday 10 March 2003 16.58, Hawk wrote: > Henrik, > > it doesn't work :-( > > Anyway i forgot to paste this acl lines: > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny vdlsite vdlhttp http_port_80 > http_access allow all > > This because this squid should be my acceleration for my internet > web sites. > > However changing conf as you told me doesn't work yet. > > In this way www.mysite.com/vdl is never blocked (http or https). > > Thanks > > Rick > > At 16.43 10/03/2003, Henrik Nordstrom wrote: > >m�n 2003-03-10 klockan 15.51 skrev Hawk: > > > Sorry for boring you again...this my confs: > > > > > > acl vdlhttp url_regex -i www.mysite.com/vdl dst_port 80 > > > >this matches case sensitive URL having any of the substrings > > "www[any character]mysite[any character]com/vdl", "dst_port" or > > "80" in them. Probably not what you want.. > > > > > http_access deny vdlhttp > > > http_access allow all > > > httpd_accel_port 80 > > > httpd_accel_host virtual > > > httpd_accel_single_host off > > > httpd_accel_uses_host_header on > > > > > > with this configuration both https & http for that sites are > > > denied > > > >what you want is > > > >acl vdl urlpath_regex ^/vdl > >acl mysite dstdomain www.mysite.com > >acl http_port_80 myport 80 > >http_access deny mysite vdl http_port_80 > > > > > >Another important note: > > > >You do not want to run a accelerator with "http_access allow > > all".. You MUST set up access controls on which destinations may > > be reached via the accelerator. If not your accelerator can > > easily be abused as an open proxy, bouncing via the accelerator > > to any server on on the Internet. It is only a matter of minutes > > before such openly configured accelerator is found and abused by > > hackers for purposes you absolutely have not intended when > > setting up the accelerator.. > > > >Instead of http_access allow all you want something like this in > > an accelerator: > > > >acl my_sites dstdomain www.mysite.com www.myothersite.com ... > >acl port80 port 80 > >acl http protocol http > >http_access allow my_sites http port80 > > > > > >If the list of sites is long use an include file > > > >acl my_sites dstdomain "/path/to/accelerated_sites.txt" > > > > > >-- > >Henrik Nordstrom <[EMAIL PROTECTED]> > >MARA Systems AB, Sweden
