here is the acl that got it working
access-list 102 deny ip any host 208.45.156.202
access-list 102 permit ip any any
and then here is the ip wccp statement
ip wccp version 1
ip wccp web-cache redirect-list 102
thanks Joe.
On Friday 08 November 2002 04:10 pm, Joe Cooper wrote:
> Oh, yeah...You need to bypass based on destination IP. My Cisco syntax
> is a bit lacking, but I think you just use the second IP field in your
> deny rule, right?
>
> Something like:
>
> access-list 102 deny any 208.45.156.202
>
> Maybe?
>
> Chad Whitten wrote:
> > on further review, that wouldnt do it because that is the ip of the
> > site that
> > is not supposed to be proxied and what i was thinking was dont redirect
> > packets bound for that ip when the syntax is dont redirect packets
> > originating from that ip which not the ip on my network. i suppose i
> > could
> > give the dial-up user a static ip and not redirect any of their
> > traffic but
> > there has got to be a better way.
> >
> > On Friday 08 November 2002 03:46 pm, you wrote:
> > >Yep. Something like that ought to do it.
> > >
> > >Chad Whitten wrote:
> > >>guess i would need to setup an access list and then use the
> > >>ip wccp web-cache redirect-list # for this?
> > >>does this syntax look okay
> > >>
> > >>access-list 102 deny 208.45.156.202
> > >>access-list 102 permit any any
> > >>
> > >>then in wccp config
> > >>ip wccp web-cache redirect-list 102
> > >>
> > >>would that do it?
> > >>
> > >>On Friday 08 November 2002 03:14 pm, you wrote:
> > >>>Are you sure the site is just "not supposed to be cached". Perhaps it
> > >>>is not supposed to be proxied?
> > >>>
> > >>>Sounds kinda like an authentication scheme that cannot be proxied is
> > >>>being used, and it sounds like you're expecting Squid not to proxy
> > >>>requests when the no_cache directive is used. Squid can't not proxy a
> > >>>request once it receives it--it can proxy it, or close the connection.
> > >>>Whether it caches the request is orthogonal, and clearly not the
> > >>> source of the problem here.
> > >>>
> > >>>Add this site to your WCCP bypass list in your router, or you can
> >
> > bypass
> >
> > >>>it in the cache if WCCP redirection happens on a different leg than
> > >>> the Squid box lives on.
> > >>>
> > >>>Chad Whitten wrote:
> > >>>>i am having a problem with a site that is not supposed to be cached.
> > >>>>i have
> > >>>>the following in squid.conf
> > >>>>
> > >>>>acl AIMCO url_regex ^http://intranet.aimco.com/$
> > >>>>no_cache deny AIMCO
> > >>>>
> > >>>>running squid version Squid Cache: Version 2.4.STABLE7
> > >>>>on linux - kernel 2.4.19 in transparent mode with wccp version 1 on a
> > >>>>cisco
> > >>>>router.
> > >>>>
> > >>>>everything works fine for everyone else, just this site is not
> > >>>>supposed to be
> > >>>>cached because its an intranet/vpn site. before i addd the no_cache
> > >>>>directive, the user would just be prompted for password over and
> > >>>> over. now
> > >>>>they get past that but get 'page cannot be displayed message from
> > >>>> ie'. squid
> > >>>>still seems to be logging a lot of traffic from that site - mostly
> > >>>>TCP_MISS/401 logs.
> > >>>>
> > >>>>any suggestions?
-- Chad Whitten Network/Systems Administrator neXband Communications cwhitten@nexband.comReceived on Wed Nov 13 2002 - 07:15:23 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:18 MST