Hey There, In general what you want is possible but couple things are not clear to me yet. The config you mentioned has couple issues: ##START OF INFO acl localnetPAC src 192.168.0.0/24 #resource within my network acl localnetPAC src internal.resources.com #resource within my network acl localnetPAC src internal1.resources.com #resource within my network acl localnetPAC src internal2.resources.com #resource within my network acl localnetPAC src internal3.resources.com #resource within my network
acl InboundNet scr 10.24.62.51 #NetScaler acl OutboundNet scr 10.24.62.51 #NetScaler http_access allow localnetPAC #user will be let thru to the local resources #InboundNet !localnetPAC allow OutboundNet #this is what I WANT to do but isn't working #can anyone steer me to the right track? ##END OF INFO In general if you want to deny with a redirection you can use the deny_info and a custom "shebang" dummy acl. One example of implementation can be found in the list archives at: http://lists.squid-cache.org/pipermail/squid-users/2015-October/006092.html Squid allows you to customize the "deny" action and which one of them can be a redirection. You have used in your example an acl like: acl localnetPAC src internal3.resources.com which uses a domain, but the "src" type acl cannot be used with a domain name and can only be an IP address. Peek at the acl docs at: http://www.squid-cache.org/Doc/config/acl/ But you have mentioned the bottom line as: #InboundNet !localnetPAC allow OutboundNet Which is not clear to me but I will try to be creative with an example: acl local_network_addresses dst 192.168.0.0/24 #Internal services acl internal_domains dstdomain internal1.resources.com #Internal domains names acl internal_domains dstdomain internal2.resources.com #Internal domains names acl dummy_match dstdom_regex . #dummy match all domain regex acl InboundNet scr 10.24.62.51 #NetScaler source IP(the clients IP is not visible behind the NetScaler) deny_info 302:http://www.google.com/?%H dummy_match #Customized deny_info that will redirect to google with some addition http_access allow InboundNet internal_domains #rule that allows netscaler sources traffic to access internal domains http_access allow InboundNet acl local_network_addresses #rule that allows netscaler sources traffic to access internal ip addresses http_access deny dummy_match # rule that should match all traffic and redirect any request to google ##END OF example I hope the example helps you. Let me know If it helped you and\or if you need more help or if I didn't understood the question. Eliezer -----Original Message----- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of nkingsquid Sent: Tuesday, April 19, 2016 9:19 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Routing Internally And/Or Externally? I should probably mention that its important that the request NOT be denied, just redirected if it is not a listed internal resource... -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Routing-Internally-And-Or-Externally-tp4677152p4677153.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
