squid

[dreadknot]

acl shib      urlpath_regex ^/Shibboleth.sso 
acl shib_index  urlpath_regex ^/icarus/auth/shibboleth/index.php 
acl shibtest urlpath_regex ^/icarus/shibtest.php 
acl icarusmoodle urlpath_regex ^/icarus 

cache_peer 130.212.64.149 parent 8080 0 originserver round-robin max-conn=100 name=godzilla 
cache_peer 130.212.64.100 parent 443 0 originserver no-digest ssl sslflags=DONT_VERIFY_PEER round-robin max-conn=100 name=icarus 
cache_peer 130.212.64.80 parent 443 0 originserver no-digest ssl sslflags=DONT_VERIFY_PEER round-robin max-conn=100 name=shibd 

cache_peer_access godzilla deny icarusmoodle 
cache_peer_access godzilla deny shib 
cache_peer_access godzilla deny shib_index 
cache_peer_access godzilla deny shibtest 

# Deny shib acl traffic to the icarus cache_peer 
cache_peer_access icarus deny shib 
cache_peer_access icarus deny shib_index 
cache_peer_access icarus deny shibtest 
cache_peer_access icarus allow icarusmoodle 
cache_peer_access icarus deny all 

# allow shib acl traffic to the shibd cache_peer then deny all 
cache_peer_access shibd allow shib 
cache_peer_access shibd allow shib_index 
cache_peer_access shibd allow shibtest 
cache_peer_access shibd deny all