On 7/02/19 8:03 am, Walid A. Shaari wrote: > > On Wed, 6 Feb 2019 at 05:53, Amos Jeffries wrote: > > > ssl_bump peek step1 > > > > ssl_bump splice azure_sites azure_sites2 #Avoid bumping > Microsoft/Azure > > related sites > > > > The way ACLs work in Squid items on a line like "azure_sites > azure_sites2" *both* have to match for the lines action to be used. > > So the above line means all those domains except *.microsoft.com > <http://microsoft.com> will > *not* be spliced here even if a URL domain was available. > > > Sorry, I did not get that, is it because microsoft.com > <http://microsoft.com> is duplicated by mistake twice on both lines? >
I mean the names which only occur in one of the two ACL checks will do possibly unwanted things. see the FAQ <https://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes> for details. For example; when the request is for "microsoftazurestack.com" the azure_sites2 part would be false. Which then means the splice is not done. The only domain(s) where both azure_sites AND azure_sites2 are matching/true are the *.microsoft.com names. That said, I do not see any reason why you have two ACLs in the first place. You could probably combine the two into one name and remove azure_sites2 entirely. PS. If the problem is line length for the list you can have multiple 'acl' lines adding different values to an ACL (like our default Safe_Ports does) so long as the type is identical. OR, you can also wrap config lines using a '\' right before the end-of-line CRLF and whitespace to start the wrapped line part. Like: directive value1 value2 \ value3 \ value4 OR, you could place the list in a file and have the ACL load the values from there. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
