Search squid archive

Re: Simple port 80 squid reverse-proxy question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Discussion Lists wrote:

All,
I set up a reverse proxy using squid 3.0.  It works fine actually, but I
wanted to run the config by you all to be sure I wasn't missing anything
important.  In particular, I am worried about commenting out the
http_access deny all.  I added an "allow all" setting, but I was
wondering if there was a better way, and also if I am doing the below
stuff correctly as well.  Here's my setup:

Outsideworld ---> Squid --->webserver

-I am doing normal http port 80 reverse-proxying.

       acl manager proto cache_object
       acl localhost src 127.0.0.1/255.255.255.255
       acl all src 0.0.0.0/0.0.0.0
       acl allowed_hosts src 10.0.5.0/255.255.255.0

       http_access deny manager all
       http_access allow allowed_hosts
#        http_access deny all

       icp_access  allow  allowed_hosts
       icp_access deny all

	cache_dir ufs /usr/local/squid/var/cache 100 16 256
	cache_effective_user nobody
	cache_effective_group nobody
	visible_hostname Linux

always_direct allow all
http_port 192.168.1.79:80 defaultsite=www.test.in
http_access allow all
Two things... First, Squid 3 is not release ready. It might catch your hair on fire. Second, with that setup, (I think) you are running an open proxy. Probably not what you want. Add another acl, like...

acl accelerated_host dst ip.of.webserver/32

...change the http_access line to read...

http_access allow accelerated host

...uncomment the http_access deny all, and remove the http_access allow all, and you will be in much better shape.

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux