On Sun, 23 Oct 2005, Henrik Nordstrom wrote:

> On Sat, 22 Oct 2005, Merton Campbell Crockett wrote:
> 
> > The problem that I am having is that HTTP requests that use an IP address
> > are being forwarded to the parent cache.  Can you not combine "dstdomain"
> > and "dst" in the same acl?
> 
> You can use IP addresses in a dstdomain acl if you like. This will match
> requests using these explicit IP addresses only.

That works.  I was hoping for something like tcpwrapper's hosts.allow IP 
address wildcards, i.e. "166.16.".


> Or you could use dst acls in addition to the dstdomain acls.


The problem was how to merge "dst" and "dstdomain" expressions into a 
single named ACL but, in retrospect, it was probably a simple matter of 
listing the named ACLs on a single line to "OR" them together.  Squid 
doesn't like two different types of expressions in the same named ACL.

After a weekend of playing, I could find no possible way for my internal, 
load-balanced proxy servers to share cached information without forwarding 
all requests to the parent proxy at the security perimeter.  I would need 
a fourth proxy, defined as a parent,  dedicated to the corporate WAN.  
Bummer!


Merton Campbell Crockett


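An added squid.conf sketch of the dst plus dstdomain combination discussed in this thread; it is not configuration from either poster. The ACL names, the `.corp.example` domain, the parent host name and the ports are placeholders, and `166.16.0.0/16` is the CIDR form of the "166.16." prefix mentioned above. In Squid, ACL names listed on one access line must all match, while separate lines of the same directive are tried in order, so the "either one" case is written as two lines.

```conf
# Added example; names, domain, peer host and ports are placeholders.

# One ACL name holds one ACL type, so each kind of match gets its own name.
# dstdomain matches the host part of the URL (a name, or a literal IP).
acl wan_domains dstdomain .corp.example
# dst matches the destination address; for requests made by host name
# Squid has to resolve the name before this ACL can be tested.
acl wan_nets dst 166.16.0.0/16

# "all" is built in on current Squid; older releases need it declared:
# acl all src 0.0.0.0/0.0.0.0

# Perimeter proxy as the default parent.
cache_peer perimeter.corp.example parent 3128 0 no-query default

# Two rules, tried in order: a request matching EITHER ACL is fetched
# directly instead of being forwarded to the parent.
always_direct allow wan_domains
always_direct allow wan_nets

# By contrast, "always_direct allow wan_domains wan_nets" on one line
# would require BOTH ACLs to match the same request.

# Everything else must go through the parent.
never_direct allow all
```

Running `squid -k parse` after editing reports syntax errors before the running proxy picks up the change.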