[squid-users] Locking Proxy Chaining Down to a Specific Subnet from John Gardner on 2010-08-10 (squid-users)

From: John Gardner <John.Gardner_at_southtyneside.gov.uk>
Date: Tue, 10 Aug 2010 08:17:35 +0100

I wonder if anyone can point me in the correct direction of solving this
problem.

We are currently using two Squid (2.6) Caching Proxy Servers (CP1 and
CP2) on different sections of the network. The only way HTTP traffic can
get from one network to the other is via the proxy chained proxies. The
following works quite successfully;

acl redirect_to_live dstdomain server.local.net

cache_peer 10.0.0.45 parent 8080 3130 default no-query
cache_peer_access 10.0.0.45 allow redirect_to_live
never_direct allow redirect_to_live

This set of code sits on CP1 and anyone who tries get to
server.local.net gets chained to the CP2 proxy at 10.0.0.45 and the site
gets returned.

What we need now is a way to lock down this redirect to a specifc
subnet, I've tried adding

acl redirect_to_live src 192.168.10.0/24

but I get a syntax error, can anyone shed any light on how I could do
this?

Thanks in advance

John

This email and any files transmitted with it are intended solely for the named recipient and may contain sensitive, confidential or protectively marked material up to the central government classification of ?RESTRICTED" which must be handled accordingly. If you have received this e-mail in error, please immediately notify the sender by e-mail and delete from your system, unless you are the named recipient (or authorised to receive it for the recipient) you are not permitted to copy, use, store, publish, disseminate or disclose it to anyone else.

E-mail transmission cannot be guaranteed to be secure or error-free as it could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses and therefore the Council accept no liability for any such errors or omissions.

Unless explicitly stated otherwise views or opinions expressed in this email are solely those of the author and do not necessarily represent those of the Council and are not intended to be legally binding.

All Council network traffic and GCSX traffic may be subject to recording and/or monitoring in accordance with relevant legislation.

South Tyneside Council, Town Hall & Civic Offices, Westoe Road, South Shields, Tyne & Wear, NE33 2RL, Tel: 0191 427 1717, Website: www.southtyneside.info
Received on Tue Aug 10 2010 - 07:18:11 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 10 2010 - 12:00:02 MDT