On Tue, 28 Oct 2003, franklin lecointre wrote: > acl IGA port 3127 > acl IGA_ass dstdomain "/usr/local/squid/etc/sites_assurances" > http_access allow IGA_ass > http_access deny IGA > http_access deny all > > acl IGA_T port 3128 > acl IGA_info dstdomain "/usr/local/squid/etc/sites_informatiques" > http_access allow IGA_info > http_access deny IGA_T > http_access deny all
I think you want acl IGA myport 3127 acl IGA_ass dstdomain "/usr/local/squid/etc/sites_assurances" http_access allow IGA IGA_ass http_access deny IGA [and similar block of rules for IGA_T] http_access deny all To match the proxy port where the request was accepted you need to use the myport acl. The port acl matches the port of the requested URL. http_access is a sequencial list of rules. The first rule where all acl elements are true will tell if the request is allowed or denied. http_access allow IGA IGA_ass thus only allows access if the request was received on port 3127 and the requested domain name is listed in sites_assurances. http_access allow IGA http_access allow IGA_ass on the other hand allows access if the request was received on port 3127 OR the requested domain name is listed in sites_assurances, with no connection between the two ACL elements. Regards Henrik
