Discussion Lists wrote:
All,
I set up a reverse proxy using squid 3.0. It works fine actually, but I
wanted to run the config by you all to be sure I wasn't missing anything
important. In particular, I am worried about commenting out the
http_access deny all. I added an "allow all" setting, but I was
wondering if there was a better way, and also if I am doing the below
stuff correctly as well. Here's my setup:
Outsideworld ---> Squid --->webserver
-I am doing normal http port 80 reverse-proxying.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allowed_hosts src 10.0.5.0/255.255.255.0
http_access deny manager all
http_access allow allowed_hosts
# http_access deny all
icp_access allow allowed_hosts
icp_access deny all
cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_effective_user nobody
cache_effective_group nobody
visible_hostname Linux
always_direct allow all
http_port 192.168.1.79:80 defaultsite=www.test.in
http_access allow all
Two things... First, Squid 3 is not release ready. It might catch your
hair on fire. Second, with that setup, (I think) you are running an
open proxy. Probably not what you want. Add another acl, like...
acl accelerated_host dst ip.of.webserver/32
...change the http_access line to read...
http_access allow accelerated host
...uncomment the http_access deny all, and remove the http_access allow
all, and you will be in much better shape.
Chris
