Chris, dstdom is checking against the destination host name (java.sun.com). You need to check against the URL using url_regex
Tim > -----Original Message----- > From: Chris Nighswonger [mailto:[email protected]] > Sent: 12 January 2009 15:51 > To: Squid Users > Subject: [squid-users] dstdom_regex question > > I'm using authentication and trying to allow unauthenticated access to > http://java.sun.com/update/1.6.0/map-1.6.0.xml and all associated > urls so Java will update transparently rather than prompting the user > for credentials. I have been trying to do this using dstdom_regex and > cannot seem to get things to work the way I imagine they should. I > have tried two ways. > > acl AuthorizedUsers proxy_auth REQUIRED > acl JavaUpdate dstdom_regex -i sun.*update > http_access allow JavaUpdate > http_access allow AuthorizedUsers > > and > > acl AuthorizedUsers proxy_auth REQUIRED > acl JavaUpdate1 dstdom_regex -i sun > acl JavaUpdate2 dstdom_regex -i update > http_access allow JavaUpdate1 JavaUpdate2 > http_access allow AuthorizedUsers > > Neither acl catches http://java.sun.com/update/1.6.0/map-1.6.0.xml and > it falls through to AuthorizedUsers per cache.log: > > 2009/01/12 09:39:15| The request GET > http://java.sun.com/update/1.6.0/map-1.6.0.xml is DENIED, because it > matched 'AuthorizedUsers' > > However, this does work: > > acl AuthorizedUsers proxy_auth REQUIRED > acl JavaUpdate dstdom_regex -i sun > http_access allow JavaUpdate > http_access allow AuthorizedUsers > > cache.log now says: > > 2009/01/12 09:37:44| The request GET > http://java.sun.com/update/1.6.0/map-1.6.0.xml is ALLOWED, because it > matched 'JavaUpdate' > > But it allows access to any url containing 'sun' which is not > what I want. > > Am I going about this wrong or just missing something about > dstdom_regex? > > Kind Regards, > Chris > > -- > Christopher Nighswonger > Faculty Member > Network & Systems Director > Foundations Bible College & Seminary > www.foundations.edu > www.fbcradio.org > > This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone or email the sender and delete this message and any attachment from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person. Clifford Chance LLP is a limited liability partnership registered in England & Wales under number OC323571. The firm's registered office and principal place of business is at 10 Upper Bank Street, London, E14 5JJ. For further details, including a list of members and their professional qualifications, see our website at www.cliffordchance.com. The firm uses the word 'partner' to refer to a member of Clifford Chance LLP or an employee or consultant with equivalent standing and qualifications. The firm is regulated by the Solicitors Regulation Authority. The Authority's rules can be accessed by clicking on the following link: http://www.sra.org.uk/code-of-conduct.page Clifford Chance as a global firm regularly shares client and/or matter-related data among its different offices and support entities in strict compliance with internal control policies and statutory requirements. Incoming and outgoing email communications may be monitored by Clifford Chance, as permitted by applicable law and regulations. For further information about Clifford Chance please see our website at http://www.cliffordchance.com or refer to any Clifford Chance office.
