Re: [SLUG] Squid - Proxy Chaining

Mon, 11 Feb 2002 21:08:47 -0800 

On Tue, Feb 12, 2002 at 02:16:20PM +1100, Hartono, Susanto wrote:
> From: "Hartono, Susanto" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> X-Mailer: Internet Mail Service (5.5.2653.19)
> Subject: [SLUG] Squid - Proxy Chaining
> Date: Tue, 12 Feb 2002 14:16:20 +1100
> 
> G'day,
> 
> Just wondering if anyone here has had any experience with daisy-chaining
> squid proxy servers. In particular I am interested to know if the following
> scenario is possible:
> 
> User-->ProxyA-->ProxyB1-->..->ProxyBn-->ServerA
>           |
>            ---->ProxyC1-->..->ProxyCn-->ServerB
> 
> 1. User specifies a proxy server (ProxyA) in his browser.
> 2. Request from proxyA is then redirected to either ProxyB1 or ProxyC1
> depending on the name of the destination servers (host names, not domain
> names).
> 
> Is it possible to use url_regex in squid.conf to redirect the user to
> another proxy server? For instance, given the following url_regex, how would
> I redirect acl 'subnetA' to use ProxyB1 and vice versa?
> 
> acl subnetA url_regex ^http://server1*
> acl subnetB url_regex ^http://server2*
> 
It should be possible:

    #  TAG: cache_peer_access
    #       Similar to 'cache_peer_domain' but provides more flexibility by
    #       using ACL elements.
    #
    #       cache_peer_access cache-host allow|deny [!]aclname ...

So you'd need something along these lines:

    acl subnetA url_regex ^http://server1*
    acl subnetB url_regex ^http://server2*

    cache_peer ProxyB1 parent 8080 3130
    cache_peer ProxyC2 parent 8080 3130

    cache_peer_access ProxyB1 allow subnetA
    cache_peer_access ProxyB1 deny all
    cache_peer_access ProxyC1 allow subnetB
    cache_peer_access ProxyC1 deny all

This will limit access to subnetA and subnetB only.  You could use:

    cache_peer_access ProxyB1 deny subnetB
    cache_peer_access ProxyC1 deny subnetA

to only force access to subnetA and subnetB to the appropriate proxy,
but have no effect on other sites.


Cheers,

John
-- 
whois [EMAIL PROTECTED]
GPG key id: 0xD59C360F
-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Reply via email to