Search squid archive

Re: reverse proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Rooney wrote:

Apologies for this, if it's a common question. I *have* looked in the
FAQ but haven't managed to resolve my problem.

I'm looking to reverse host a number of sites on different servers
through a singe exposed IP address. I've populated the local hosts file
(Squid 2.5 for NT)
And Squid itself is firing up. No matter what I put in the acl lists, I
keep getting a url could not be retrieved error. I'll qualify that by
saying I haven't yet put the correct config in the acl lists ;-). In the
interests of getting somewhere, I have supplied the acl portion (without
the majority of the commenting) to see if there is anything obvious.

I haven't used the http_accelerator options, should I? To me, the proxy
should function from both sides equally well, as It's only resolving
requests that will match entries in the hosts file.

Reverse host ?

If you are wanting to ensure your client browsers (acl our_networks ...) have access to the internet-at-large through squid then this is a classic (forward) proxy.

If you are wanting to front-end high traffic volume website(s) with one or more squid cache accelerators to allow the internet-at-large to access your high traffic site(s) then this is a reverse proxy.


Your ACLs look ok for classic forward proxy usage. Although you can remove the references to "our_networks" from http_access as the "int_net" does the same thing. I don't think your http_client_access usage is doing anything useful at all as by default is looks like is allows all anyway. You may want to move "int_net" down a few lines until its under "INSERT YOUR OWN RULE(S) HERE".


As for host file usage. Are you sure squid on NT can work like this. Usually you have to have a working proper DNS to make squid work effectivly, this is usually indicated in the "cache.log" log file and any fatal errors maybe indicated here as to why its not working for you.


If you wish to censor the hosts that browser clients can access through the proxy I suggest you revise:

http_access allow int_net

to:

acl good_urlhosts dst <...whatever IPs are in your HOSTs file with a space inbetween each...>
http_access allow int_net good_urlhosts



--
Darryl L. Miles



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux