Re: [squid-users] Squid ACL (Is this Possible)

Mehmet, Levent (Accenture) wrote:
> All
>
> I currently have a setup which sends different domains to different
> Cache_peers. This has been working fine with the below config.:
>
> cache_peer 1.1.1.1 parent 80 80 no-query
> cache_peer 2.2.2.2 parent 80 80 no-query
> cache_peer 3.3.3.3 parent 3128 3130 no-query
>
> cache_peer_domain 3.3.3.3 parent nww. .nhs.uk
>
Hmmm... I don't think that text followed by a dot is valid syntax for
cache_peer_domain or dstdomain. I'd advise making a dstdom_regex acl
and using cache_peer_access for this peer. Something like...

acl NWW dstdom_regex \.?nww\.
acl NHS dstdomain .nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW

...in addition to the other rules you have listed.
> cache_peer_domain 1.1.1.1 parent .gsi.gov.uk
> cache_peer_domain 2.2.2.2 parent .gsi.gov.uk
>
> acl NHS dstdomain nww. .nhs.uk
>
Obviously, this ACL should be adjusted as shown above.
> acl GSI dstdomain .gsi.gov.uk
>
> cache_peer_access 3.3.3.3 allow NHS
> cache_peer_access 1.1.1.1 allow GSI
>
> never_direct allow NHS
> never_direct allow GSI
>
>
> When trying to access http://nww.nhs.uk this goes via the correct path
> of 3.3.3.3, but our clients now wish to access the following websites,
> which cause a conflict: http://nww.nhsmessaging.co.uk/ Web sites like
> this cause me a issue because of the .co.uk which tries to go direct and
> nww tries to go via 3.3.3.3, also with
> http://www.pasa.nhs.uk/cat_default.asp www. Go direct and the nhs.uk
> tries to go via 3.3.3.3. This is a major show stopper for the company.
> Is there a way around this as we need to send all nww down 3.3.3.3
>
> Thanks
>
>
> Levent Mehmet
> Network Analyst
> Server and Network Team
> Accenture@MHRA Operate Unit
> Market Towers, 20th Floor
> 1 Nine Elms Lane
> London
> SW8 5NQ
>
> E-mail: levent.mehmet@mhra.gsi.gov.uk
> Phone: +44 20 7084 3517
> Fax: +44 20 7084 2536
>
Chris
Received on Tue Sep 19 2006 - 12:56:39 MDT