[squid-users] Question about ACLs and http_access in Squid 3

From: Tom Williams <tomdkat_at_comcast.net>
Date: Thu, 23 Oct 2008 19:45:22 -0700

Ok, now that I've basically got Squid 3 configured as an HTTP
accelerator, I have a question about ACL rules and http_access.

Here is the basic config: I've got two web servers behind a load
balancer. The idea is to have Squid serve as an HTTP accelerator for
Apache so it will cache static content (like global site graphics, etc.)
leaving Apache to deal with traffic that requires database access.

Here are my configuration lines:

acl directIP dst aaa.bbb.ccc.ddd/32
acl website dstdomain .mydomain.com

#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow directIP
http_access allow website

# And finally deny all other access to this proxy
http_access deny all

Now, when I point my browser at:

http://aaa.bbb.ccc.ddd/

I get an access denied 403 error page from Squid.

If I point my browser at:

http://www.mydomain.com/

It works just fine. www.mydomain.com resolves to the aaa.bbb.ccc.ddd
IP address.

Why does the domain work yet the IP doesn't? What am I missing?

Thanks!

Peace...

Tom
Received on Fri Oct 24 2008 - 02:45:47 MDT
