Chris Robertson wrote:
> Drew Wrobel wrote:
>> I made the changes you suggested, but I started getting the following
>> error messages in the log:
>>
>> 123456.com w.x.y.z - - [03/Mar/2009:12:09:45 -0500] "GET
>> http://123456.com/ HTTP/1.1" 403 1379 "-" "Mozilla/4.0 (compatible;
>> MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322;
>> Media Center PC 4.0)" TCP_DENIED:NONE
>>
>> When I went to the web site and I get the squid ERR_ACCESS_DENIED page
>> instead.
>>
>> Here are the new lines that I had put in as you suggested. Not sure
>> if I over did it with the http_access lines.
>>
>> Had one question thought. Since the web-server is handling both
>> www.123456.com and 123456.com, is the first acl valid
>> for both?
>>
>> I also took out the entries for abcdev and 987zyx and still doesn't
>> work. What am I missing/doing wrong.
>>
>>
>> http_port 80 accel vhost
>>
>> acl 123456 dstdomain 123456.com
>> acl abcdef dstdomain abcdef.com
>> acl 987zyx dstdomain 987zyx.com
>>
>
> All three of the domains should be preceded by a period. Replace these
> with...
>
> acl 123456 dstdomain .123456.com
> acl abccdef dstdomain .abcdef.com
> acl 987zyx dstdomain .987zyx.com
>
>>
>> cache_peer_access 192.168.2.10 allow 123456
>> cache_peer_access 192.168.2.10 allow abcdef
>> cache_peer_access 192.168.2.10 allow 987zyx
>> cache_peer_access 192.168.2.10 deny all
>>
>
> So does the host 192.168.2.10 contain the data for all three domains?
> You might want to read
> http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers if
> not. If it does, read and follow
> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting first,
> then add the redundant peers.
>
>> http_access allow 123456
>> http_access allow abcdef
>> http_access allow 987zyx
>>
>>
>> cache_peer_access 192.168.2.11 allow 123456
>> cache_peer_access 192.168.2.11 allow abcdef
>> cache_peer_access 192.168.2.11 allow 987zyx
>> cache_peer_access 192.168.2.11 deny all
>>
>
> Same question here.
>
>> http_access allow 123456
>> http_access allow abcdef
>> http_access allow 987zyx
>>
>
> These three lines are redundant, as http_access for these domains has
> already been allowed.
>
>>
>> cache_peer_access 192.168.2.12 allow 123456
>> cache_peer_access 192.168.2.12 allow abcdef
>> cache_peer_access 192.168.2.12 allow 987zyx
>> cache_peer_access 192.168.2.12 deny all
>> http_access allow 123456
>> http_access allow abcdef
>> http_access allow 987zyx
>>
>> http_access deny all
>> never_direct allow all
>
> Um. I don't think you want never_direct in a acceleration setup, unless
> you are setting it up in a weird way.
It's redundant. Just there for clarity of what going on.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Wed Mar 04 2009 - 00:15:55 MST
This archive was generated by hypermail 2.2.0 : Wed Mar 04 2009 - 12:00:02 MST