Matus UHLAR - fantomas wrote:
> with acl.
>
> note that https can't be cached, so it has only value if:
> 1. your clients can't connect to the proxy1
> 2. your proxy can't connect to the internet
> (if both these are true)
Ok thanks. I probably didn't give enough detail originally.
I actually want to _always_ send http to Proxy1, and _always_ send httpS
requests to Proxy2.
The users connect to a downstream non-caching content-checking Proxy.
I'll have a go at an ascii diagram:
--------
-------| Proxy2 |----------\ HTTPS
------ | -------- \------- -------------
| Inet |---+ | Squid |-----| non-caching |
------ | -------- /------- -------------
-------| Proxy1 |----------/ HTTP |
-------- |
---------
| Users |
---------
Users are authenticated on the non-caching proxy which is a
content-checking box. It send requests to its upstream proxy - the Squid
cache - on a single port 80.
I need Squid to break out HTTPS traffic one way, and plain HTTP traffic
another way and _always_ feed each to a different upstream. Proxy 1 is
an active-code stripper and Proxy 2 SSL termination/content-checking box.
Can I still do this with an ACL and the peer_cache_access + url_regex?
I was thinking of something like:
acl http_traffic url_regex "^http://*"
acl ssl_traffic url_regex "^https://*"
cache_peer Proxy1.domain parent 80 0 no-query
cache_peer Proxy1.domain parent 80 0 no-query
cache_peer_access Proxy1.domain allow http_traffic
cache_peer_access Proxy2.domain allow ssl_traffic
-S
Received on Tue Nov 16 2004 - 04:05:08 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST