RE: [squid-users] Squid ACL (Is this Possible)

From: Mehmet, Levent \(Accenture\) <[email protected]>
Date: Wed, 20 Sep 2006 11:36:39 +0100

 Hi

This config u have suggested we use may not be able to support what we
like:

How would this access-list cope with a website like this:

http://nww.nhsmessaging.co.uk/ or

www.nhs.uk - this should go direct but

nww.nhs.uk needs to go to peer

acl NWW dstdom_regex \.?nww\.
acl NHS dstdomain .nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.net]
Sent: 19 September 2006 19:56
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL (Is this Possible)

Mehmet, Levent (Accenture) wrote:
> All
>
> I currently have a setup which sends different domains to different
> Cache_peers. This has been working fine with the below config.:
>
> cache_peer 1.1.1.1 parent 80 80 no-query cache_peer 2.2.2.2 parent 80
> 80 no-query cache_peer 3.3.3.3 parent 3128 3130 no-query
>
> cache_peer_domain 3.3.3.3 parent nww. .nhs.uk
>
Hmmm... I don't think that text followed by a dot is valid syntax for
cache_peer_domain or dstdomain. I'd advise making a dstdom_regex acl
and using cache_peer_access for this peer. Something like...

acl NWW dstdom_regex \.?nww\.
acl NHS dstdomain .nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW

...in addition to the other rules you have listed.
> cache_peer_domain 1.1.1.1 parent .gsi.gov.uk cache_peer_domain 2.2.2.2

> parent .gsi.gov.uk
>
> acl NHS dstdomain nww. .nhs.uk
>
Obviously, this ACL should be adjusted as shown above.
> acl GSI dstdomain .gsi.gov.uk
>
> cache_peer_access 3.3.3.3 allow NHS
> cache_peer_access 1.1.1.1 allow GSI
>
> never_direct allow NHS
> never_direct allow GSI
>
>
> When trying to access http://nww.nhs.uk this goes via the correct path

> of 3.3.3.3, but our clients now wish to access the following websites,

> which cause a conflict: http://nww.nhsmessaging.co.uk/ Web sites like
> this cause me a issue because of the .co.uk which tries to go direct
> and nww tries to go via 3.3.3.3, also with
> http://www.pasa.nhs.uk/cat_default.asp www. Go direct and the nhs.uk
> tries to go via 3.3.3.3. This is a major show stopper for the company.
> Is there a way around this as we need to send all nww down 3.3.3.3
>
> Thanks
>
>
> Levent Mehmet
> Network Analyst
> Server and Network Team
> Accenture@MHRA Operate Unit
> Market Towers, 20th Floor
> 1 Nine Elms Lane
> London
> SW8 5NQ
>
> E-mail: levent.mehmet@mhra.gsi.gov.uk
> Phone: +44 20 7084 3517
> Fax: +44 20 7084 2536
>
Chris

PLEASE NOTE: THE ABOVE MESSAGE WAS RECEIVED FROM THE INTERNET.
On entering the GSI, this email was scanned for viruses by the
Government Secure Intranet (GSi) virus scanning service supplied
exclusively by Cable & Wireless in partnership with MessageLabs.
In case of problems, please call your organisational IT Helpdesk.
The MessageLabs Anti Virus Service is the first managed service to
achieve the CSIA Claims Tested Mark (CCTM Certificate Number
2006/04/0007), the UK Government quality mark initiative for information
security products and services. For more information about this please
visit www.cctmark.gov.uk

This email and any files transmitted with it are confidential. If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this email is prohibited and may be unlawful.

If you are not the intended recipient, please notify the sender immediately by using the reply function and then permanently delete what you have received.Incoming and outgoing email messages are routinely monitored for compliance with the Department of Healths policy on the use of electronic communications.

For more information on the Department of Healths email policy, click http;//www.doh.gov.uk/emaildisclaimer.htm

The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Received on Wed Sep 20 2006 - 04:36:41 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT