Re: [squid-users] dstdomain/port acl question

Fri, 02 Feb 2007 08:35:17 -0800 

On 2/2/07, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:

tor 2007-02-01 klockan 16:26 -0500 skrev Chris Nighswonger:
> The following is my setup to handle the direct connections:
>
> acl streamserver dstdomain .streamserver.com
> acl streamport 1234
> http_access deny streamserver streamport
> deny_info http://192.168.0.x:8000/mountpt streamserver streamport

Where is this in relation to your other http_access rules?


http_access allow manager localhost
http_access allow manager masada1
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localhost UnauthAccess
http_access allow localhost WindowsUpdate
http_access allow localhost Java
http_access allow cnighswonger-lt
http_access allow localhost PURGE
http_access allow localhost AuthorizedUsers
# Deny connections from inside to the outside webradio stream and
redirect them to the inside stream
# The first two entries handle direct stream requests. The last two
handle file list requests.
http_access deny streamserver streamport
deny_info http://192.168.0.238:8000/mountpt streamserver streamport
http_access deny streamlink
deny_info http://192.168.0.238:8000/list.m3u streamlink
#
http_access deny !Safe_ports
http_access deny all



And what is said in access.log?


The access.log shows two TCP_DENIED and one TCP_MISS all looking at
the outside streaming server.

1170362412.967      5 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362413.015     41 127.0.0.1 TCP_DENIED/407 2136 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.237      1 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.270  18222 127.0.0.1 TCP_MISS/600 4515 GET
http://streamserver.com:7590/ Administrator DIRECT/69.5.81.71 -
1170362431.285      5 127.0.0.1 TCP_DENIED/407 2136 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.530      1 127.0.0.1 TCP_DENIED/407 1903 GET
http://streamserver.com:7590/ - NONE/- text/html
1170362431.532    243 127.0.0.1 TCP_MISS/600 8859 GET
http://streamserver.com:7590/ Administrator DIRECT/69.5.81.71 -



But for this task of directing users to a local mirror even if they
request the original Internet address I'd recommend you to use a url
rewriter. This way you can get the local mirror completely transparent
to your users, not even knowing they access the local mirror.


I have had some difficulty setting up for two redirectors (adzapper
and squirm). I saw your post on this route and decided to give it a
try. :)

Chris

Reply via email to