Re: [squid-users] dstdomain/port acl question

From: Chris Nighswonger <[email protected]>
Date: Fri, 2 Feb 2007 11:27:09 -0500

On 2/2/07, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> tor 2007-02-01 klockan 16:26 -0500 skrev Chris Nighswonger:
> > The following is my setup to handle the direct connections:
> >
> > acl streamserver dstdomain .streamserver.com
> > acl streamport 1234
> > http_access deny streamserver streamport
> > deny_info http://192.168.0.x:8000/mountpt streamserver streamport
>
> Where is this in relation to your other http_access rules?

http_access allow manager localhost
http_access allow manager masada1
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localhost UnauthAccess
http_access allow localhost WindowsUpdate
http_access allow localhost Java
http_access allow cnighswonger-lt
http_access allow localhost PURGE
http_access allow localhost AuthorizedUsers
# Deny connections from inside to the outside webradio stream and
redirect them to the inside stream
# The first two entries handle direct stream requests. The last two
handle file list requests.
http_access deny streamserver streamport
deny_info http://192.168.0.238:8000/mountpt streamserver streamport
http_access deny streamlink
deny_info http://192.168.0.238:8000/list.m3u streamlink
#
http_access deny !Safe_ports
http_access deny all

> And what is said in access.log?

The access.log shows two TCP_DENIED and one TCP_MISS all looking at
the outside streaming server.

1170362412.967 5 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362413.015 41 127.0.0.1 TCP_DENIED/407 2136 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.237 1 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.270 18222 127.0.0.1 TCP_MISS/600 4515 GET
http://streamserver.com:7590/ Administrator DIRECT/69.5.81.71 -
1170362431.285 5 127.0.0.1 TCP_DENIED/407 2136 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.530 1 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.532 243 127.0.0.1 TCP_MISS/600 8859 GET
http://streamserver.com:7590/ Administrator DIRECT/69.5.81.71 -

> But for this task of directing users to a local mirror even if they
> request the original Internet address I'd recommend you to use a url
> rewriter. This way you can get the local mirror completely transparent
> to your users, not even knowing they access the local mirror.

I have had some difficulty setting up for two redirectors (adzapper
and squirm). I saw your post on this route and decided to give it a
try. :)

Chris
Received on Fri Feb 02 2007 - 09:27:23 MST

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST