[squid-users] Working ACLs for SSL Accel in 2.5pre10?

From: <[email protected]>
Date: Sun, 18 Aug 2002 22:28:54 -0700

I have an HTTP accelerator I would like to do SSL with. I have been playing
around with SSL acell in 2.5pre10, and I seem to like it so far. I'm a bit
baffled about how one might go about setting up ACLs to prevent a particular
URL from being accessed through port 80, but ok via SSL...

For example, given URLs like this:
        http://cmanager/foo
        https://cmanager/foo

The redirector I'm running takes anything going to ^http://cmanager/ and
sends it to a backend http server on port 80... the first in the above list
would ideally be rejected, and the second allowed, but I can't seem to set
up an ACL that would do this.

For example, the following does not work, because https access is blocked as
well as http:
        acl cmanager url_regex -i cmanager
        acl SSLUrls url_regex ^https
        http_access deny !SSLUrls cmanager
I've also tried:
        http_access deny !SSL_ports cmanager
That doesn't work either.

I suspect that the SSL accel machinery makes squid's acl machinery handle
the URL like a normal http URL, since my redirector rule (that works) is
passed an HTTP URL by squid even on an HTTPS access.

Any thoughts on how/if this can be done with the current state of SSL accel
support?

Sean

+-----------------------------------------------------------
| Sean Upton
| Site Technology Supervisor SignOnSanDiego.com
| Development & Integration The San Diego Union-Tribune
| 619.718.5241 sean.upton@uniontrib.com
| PATH_TO_THE_DARK_SIDE = 'c:\winnt\system32'
+-----------------------------------------------------------
Received on Sun Aug 18 2002 - 23:26:22 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:44 MST