mån 2006-04-10 klockan 10:41 -0400 skrev Sketch: > Hi, > > I'm currently researching squid's ability to have traffic destined for > specific IPs redirected to specific http_accel_hosts. > > Is there any way to accomplish this without running multiple instances of squid? Yes, there is several. Do you run Host header based virtual domains on these IPs, or just a single site on each? Is the backend servers well aware of their official Internet names, or like IIS and always assumes what is sent to them in the Host header? Traditional Squid-2.5 way with a single site per IP: set "httpd_accel_host virtual", "httpd_accel_uses_host_header off". This makes Squid pick up the IP address where it accepted the request and use this in the reconstructed URL. Then have a redirector rewrite these IPs into the actual IP addresses. Traditional Squid-2.5 way with Host header based virtual support: set "httpd_accel_host virtual", "httpd_accel_uses_host_header on". Use a redirector to rewrite both the IP addresses and the official (as seen on the Internet) host names into the appropriate backend server names. More efficient method: set "httpd_accel_host virtual", "never_direct allow all" and optionally "httpd_accel_uses_host_header on". Define a cache_peer per backend and use cache_peer_access to select which requests gets sent to which server. In theory you could use the myip acl in cache_peer_access here but I'd stronly recommend not to and instead use dstdomain/dst acls (there is a risk of cache pollution otherwise by sending the requests to the wrong IP) The last method unfortunately doesn't work with all web servers. If you have trouble from this look into the "rproxy" patch available from devel.squid-cache.org addressing these issues and more.. Efficient method if all clients sends proper Host header: set "httpd_accel_host your.main.site", "httpd_accel_uses_host_header", then in /etc/hosts (or equivalent file referenced from squid.conf) add each of the accelerated sites with their proper backend IPs. Set up http_access to only allow request to (dst) the backend IPs. The http_access thing also applies to the traditional Squid-2.5 methods using redirectors mentioned above. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
