Search squid archive

reverse proxy / ACL issues.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
The question: Is there a way to use squid's rproxy feature with ACLs? Using ACLs in a reverse proxy mode seems to break server name / ip parsing.

-Version 2.5.STABLE5
-SUSE LINUX Enterprise Server 9 (i586)
-We are using squid in a reverse proxy config to allow a client to view pages on an internal web server which are related to the project we are working on for them. -The squid service sits out in the dmz. -Both the internal network and the dmz use private numbers. -The internal web server is the front end to many internal services, which the client should not be able to view.

Things work as expected until I add an ACL. When an ACL is added it seems as if the internal addresses are not replaced by the rproxy service anymore.
For example:
without acls, if I load (from the outside, out on the internet) http://external.site.ip.com/projects/CLIENTX/foo.html and foo.html has a href which will take you elsewhere on the same internal server, it works. Viewing the source shows it has replaced the internal IPs with the external.site.ip.com's IP.

if I add an ACL, the internal IPs are no longer replaced with the rproxy's IP. instead the hrefs use the internal IPs. The first page loads, but any hrefs point to internal IPs. This of course breaks things for the client.

Here is the ACL bits I've added to the conf file: basically any url with the string "clientx" can be loaded, everything else not.

#
# URLs WHICH CLIENT CAN LOAD -ggw
#
#acl clienturl url_regex -i clientx
#acl noview url_regex -i grid io rgrid
#
# apply acl rules
#
#http_access deny noview
#http_access allow clienturl
#

any thoughts?

thanks,
greg




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux