Matus UHLAR - fantomas wrote:
with acl.

note that https can't be cached, so it has only value if:
1. your clients can't connect to the proxy1
2. your proxy can't connect to the internet
(if both these are true)


Ok thanks. I probably didn't give enough detail originally.

I actually want to _always_ send http to Proxy1, and _always_ send httpS requests to Proxy2.

The users connect to a downstream non-caching content-checking Proxy. I'll have a go at an ascii diagram:

                    --------
            -------| Proxy2 |----------\ HTTPS
 ------    |        --------            \-------       -------------
| Inet |---+                            | Squid |-----| non-caching |
 ------    |        --------            /-------       -------------
            -------| Proxy1 |----------/ HTTP                     |
                    --------                                      |
                                                          ---------
                                                         |  Users  |
                                                          ---------

Users are authenticated on the non-caching proxy which is a content-checking box. It sends requests to its upstream proxy - the Squid cache - on a single port 80.

I need Squid to break out HTTPS traffic one way, and plain HTTP traffic another way and _always_ feed each to a different upstream. Proxy 1 is an active-code stripper and Proxy 2 is an SSL termination/content-checking box.

Can I still do this with an ACL and the peer_cache_access + url_regex?

I was thinking of something like:

# Classify requests by URL scheme
acl http_traffic url_regex ^http://
acl ssl_traffic url_regex ^https://
# Two parent peers, ICP queries disabled (no-query)
cache_peer Proxy1.domain parent 80 0 no-query
cache_peer Proxy2.domain parent 80 0 no-query
# Restrict each peer to one class of traffic
cache_peer_access Proxy1.domain allow http_traffic
cache_peer_access Proxy2.domain allow ssl_traffic


-S
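
An added example, not part of the original post: one way to express the split described above in squid.conf. It assumes the downstream proxy forwards HTTPS to Squid as CONNECT host:port tunnels, so the HTTPS ACL matches on the request method instead of the URL; the peer hostnames and port are taken from the post, the name= labels are made up for the example, and the built-in "all" ACL assumes Squid 3 or later.

```conf
# HTTPS through a forward proxy arrives as "CONNECT host:443", with no
# https:// URL to match, so classify it by method.
acl ssl_traffic method CONNECT

# Two parents, ICP disabled. name= labels are hypothetical.
cache_peer Proxy1.domain parent 80 0 no-query name=http_parent
cache_peer Proxy2.domain parent 80 0 no-query name=ssl_parent

# Proxy1 (active-code stripper) receives everything except CONNECT.
cache_peer_access http_parent deny ssl_traffic
cache_peer_access http_parent allow all

# Proxy2 (SSL termination/content checking) receives only CONNECT.
cache_peer_access ssl_parent allow ssl_traffic
cache_peer_access ssl_parent deny all

# Never fetch directly: if the selected parent is unreachable the request
# fails instead of bypassing the inspection proxies.
never_direct allow all
```

The explicit deny lines matter: without them a request that matches no allow rule for one peer can still be offered to the other, and without never_direct Squid may go straight to the origin when a parent is down.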