[squid-users] Re: Accelerated Proxy and Authentication

From: Henrik Nordstrom <[email protected]>
Date: 04 Apr 2003 12:33:53 +0200

Yes?

httpd_accel_* directives tell Squid how to internally reconstruct the
requested URL. If you have httpd_accel_port 81 then the reconstructed
URL will use port 81.

A note of warning: Your configuration is a wide open proxy with no
restrictions. Anyone can use this proxy to go nearly anywhere in the
world.

As for the admin question: See the descriptions of the different acl
types. You are both not using the correct acl type and not specifying a
correct regex expression..

Regards
Henrik

fre 2003-04-04 klockan 05.28 skrev Tony Carter:
> Henrik,
> Please forgive me for email this directly to you but I need help and you
> seem to be the most knowledgeable about this.
> I've check the list but have not seen this question asked directly.
>
> I'm trying to setup Squid as a Reverse Proxy which blocks certain urls. I
> want for example: all access to www.server1.com but not
> www.server1.com/admin
>
> I have 4 virtual web sites, all on the same machine behind Apache on port
> 81.
>
> http_port 80
> httpd_accel_host virtual
> httpd_accel_single_host off
> httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
> httpd_accel_port 81
>
> visible_hostname testbox
>
> acl all src 0.0.0.0/0.0.0.0
> acl admin urlpath_regex -i http://www.server1.com/admin
> acl safeports port 80 81
> acl safemethods method GET
>
> http_access deny admin
> http_access deny !safeports
> http_access deny !safemethods
> http_access allow all
>
>
> I'm accessing www.server1.com in IE 6.
> The output below is from /usr/local/squid/sbin/squid -Nd10. Notice that port
> 81 is showing in the url.
>
> Question: How do I make this work???
>
> 1) if I don't put port 81 on the safeport line I get the following:
>
> 2003/04/03 22:07:35| The request GET
> http://www.server1.com:81/admin/index.php is DENIED, because it matched
> 'safeports'
> 2003/04/03 22:07:35| The reply for GET
> http://www.server1.com:81/admin/index.php is ALLOWED, because it matched
> 'all'
>
> 2) If I place port 81 on the safeport line I get the following but it does
> not block access to the admin directory
>
> 2003/04/03 22:03:17| The request GET
> http://www.server1.com:81/admin/index.php is ALLOWED, because it matched
> 'all'
> 2003/04/03 22:03:17| The reply for GET
> http://www.server1.com:81/admin/index.php is ALLOWED, because it matched
> 'all'
>
> Any help is greatly appreciated!
>
> -Tony

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Fri Apr 04 2003 - 03:34:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:40 MST