On Mon, 18 Apr 2011 18:56:08 -0400, adam dirkmaat wrote:
> How can I limit 80 traffic to one vhost and 443 traffic to a second
> vhost. I want to be able to hit 1.2.3.4:80 & 5.6.7.8:443, and NOT
> access 1.2.3.4:443 & 5.6.7.8:80?
>
>
<snip>
>
> http_port 80 defaultsite=web.somesite.com vhost
>
> https_port 443 cert=/usr/local/ssl/owa-cert-20090629.pem
> key=/usr/local/ssl/owa-20090629.pem defaultsite=mail.somesite.com
> vhost
>
<snip>
NP: for future-proofing the config add "accel" flag right after the
port number. It is a no-op in these 2.x, but current releases are
requiring it to be there.

Add:
acl HTTP proto HTTP
acl HTTPS proto HTTPS
>
> cache_peer 1.2.3.4 parent 80 0 no-query originserver name=web
>
> acl web_site dstdomain web.somesite.com
>
> cache_peer_access web allow web_site
>
Change: cache_peer_access web allow HTTP web_site
>
>
> # webmail on port 443 outside, port 80 inside
>
> cache_peer 5.6.7.8 parent 443 0 no-query originserver login=PASS
> front-end-https=on ssl sslflags=DONT_VERIFY_PEER name=owa
>
> acl owa_site dstdomain owa.somesite.com
>
> cache_peer_access owa allow owa_site
>
Change: cache_peer_access owa allow HTTPS owa_site
>
>
> http_access allow web_site
Change: http_access allow HTTP web_site
>
> http_access allow owa_site
Change: http_access allow HTTPS owa_site
>
> cache_store_log /var/log/squid/store.log
NP: that can die. Change: cache_store_log none
>
> cache_dir ufs /sqcache/cache 35000 16 256
>
35 GB with UFS is *very* slow. Consider AUFS or DiskD.
<snip>
>
> -----------------------------------------------------------------------------
>
> acl all src 0.0.0.0/0.0.0.0
Change: acl all src all
Amos
Received on Tue Apr 19 2011 - 01:05:18 MDT
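
The effect of the suggested changes, as an added example that is not part of the thread or of Squid itself: a small Python model of http_access evaluation (ACLs on one line are ANDed, the first matching line decides) run against the rule set as posted and as changed. It assumes the request protocol follows the listening port it arrived on and that the snipped config ends with a "deny all" line; the same reasoning applies to the cache_peer_access lines.

```python
# Toy model of Squid http_access evaluation, for illustration only.
# Assumptions: proto is HTTP for requests on http_port 80 and HTTPS for
# requests on https_port 443; a final "deny all" exists in the snipped config.

ACLS = {
    "HTTP": lambda req: req["proto"] == "HTTP",      # acl HTTP proto HTTP
    "HTTPS": lambda req: req["proto"] == "HTTPS",    # acl HTTPS proto HTTPS
    "web_site": lambda req: req["host"] == "web.somesite.com",
    "owa_site": lambda req: req["host"] == "owa.somesite.com",
    "all": lambda req: True,
}

# Rules as posted: the domain alone decides, whatever port was used.
BEFORE = [
    ("allow", ["web_site"]),
    ("allow", ["owa_site"]),
    ("deny", ["all"]),
]

# Rules after the changes: protocol AND domain must both match.
AFTER = [
    ("allow", ["HTTP", "web_site"]),
    ("allow", ["HTTPS", "owa_site"]),
    ("deny", ["all"]),
]

def http_access(rules, proto, host):
    """Return 'allow' or 'deny' for one request under the given rule list."""
    req = {"proto": proto.upper(), "host": host.lower()}
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action
    # No line matched: the opposite of the last line's action applies.
    return "deny" if rules[-1][0] == "allow" else "allow"

def matrix(rules):
    """Verdict for each protocol/site combination from the question."""
    hosts = ("web.somesite.com", "owa.somesite.com")
    return {f"{p.lower()}://{h}": http_access(rules, p, h)
            for h in hosts for p in ("HTTP", "HTTPS")}

if __name__ == "__main__":
    for label, rules in (("as posted", BEFORE), ("with changes", AFTER)):
        print(label)
        for url, verdict in matrix(rules).items():
            print(f"  {url:30} {verdict}")
```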