--On 11 February 2003 21:10 +1100 Robert Collins <[EMAIL PROTECTED]> wrote:
This nets a "The requested URL could not be retrieved ... Accesss Denied" being sent back to the client.... default rules here ... acl mybackend dst 192.168.50.50 http_access allow mybackend http_access deny all Rob
At the moment, I have www2.examplesite.com pointing to the accelerator - and I'm using a director to re-write that to 'www.examplesite.com' (So I can leave the original server alone until the accelerator is sorted out - I should have said that before).
If I add:
acl mybackend dst 10.0.0.1 <- IP address of the accelerator
i.e. that www2.examplesite.com points to
It seems to work Ok.
If I submit a fake 'GET' with a host: header of www.intel.com - I get an access denied back.
One interesting thing (which may have been tripping me up before) - If I get the redirector code to change 'www2.examplesite.com' into 'www.intel.com' - Squid will honor the request, and go fetch intel's page - even though a faked:
GET / HTTP/1.1
Host: www.intel.com
Nets an "Access Denied" response to the client. This would seem to indicate that the ACL is applied before the headers are passed through the redirector.
I think the end result is safe enough though. Thanks for your gentle guide back in the right direction :)
Regards,
-Karl
