Thanks for your comments Darryl, Yes, the acls that are there are because I was looking to test on the local network. Sounds crazy, but by forcing the client browser to use the squid box, I hoped to see if the proxy would work correctly. Which it didn't due to the url unavailable error. Under normal conditions, the firewall will forward all http traffic to squid and that will reverse proxy to the other web hosts on the network. I don't see it as http acceleration, but it would appear that is how the squid community refer to it. Essentially it is host redirection that I want but I want it with proxying as well. Ahhh logs! I suppose I really should have said "I'm new to this beast" Sorry for the omission. I figured because I could ping the server by fqdn squid would work, but I'll try dns as well. As far as the acl was concerned, it is loose, but I figured I'd tighten it once it was working. Thanks John -----Original Message----- From: Darryl L. Miles [mailto:darryl@xxxxxxxxxxxx] Sent: Tuesday, 16 August 2005 7:00 p.m. To: John Rooney Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: reverse proxy John Rooney wrote: >Apologies for this, if it's a common question. I *have* looked in the >FAQ but haven't managed to resolve my problem. > >I'm looking to reverse host a number of sites on different servers >through a singe exposed IP address. I've populated the local hosts file >(Squid 2.5 for NT) >And Squid itself is firing up. No matter what I put in the acl lists, I >keep getting a url could not be retrieved error. I'll qualify that by >saying I haven't yet put the correct config in the acl lists ;-). In the >interests of getting somewhere, I have supplied the acl portion (without >the majority of the commenting) to see if there is anything obvious. > >I haven't used the http_accelerator options, should I? To me, the proxy >should function from both sides equally well, as It's only resolving >requests that will match entries in the hosts file. > > Reverse host ? If you are wanting to ensure your client browsers (acl our_networks ...) have access to the internet-at-large through squid then this is a classic (forward) proxy. If you are wanting to front-end high traffic volume website(s) with one or more squid cache accelerators to allow the internet-at-large to access your high traffic site(s) then this is a reverse proxy. Your ACLs look ok for classic forward proxy usage. Although you can remove the references to "our_networks" from http_access as the "int_net" does the same thing. I don't think your http_client_access usage is doing anything useful at all as by default is looks like is allows all anyway. You may want to move "int_net" down a few lines until its under "INSERT YOUR OWN RULE(S) HERE". As for host file usage. Are you sure squid on NT can work like this. Usually you have to have a working proper DNS to make squid work effectivly, this is usually indicated in the "cache.log" log file and any fatal errors maybe indicated here as to why its not working for you. If you wish to censor the hosts that browser clients can access through the proxy I suggest you revise: http_access allow int_net to: acl good_urlhosts dst <...whatever IPs are in your HOSTs file with a space inbetween each...> http_access allow int_net good_urlhosts -- Darryl L. Miles
