Craig Skinner wrote:
Hi there,

Being the Squid reverse newbie that I am, I have configured an open reverse proxy :-(

From an offsite shell account:

$ telnet my-server....
Trying 8....
Connected to .....
Escape character is '^]'.
GET http://www.squid-cache.org HTTP/1.0
HTTP/1.0 200 OK

and in access.log:

1170713839.523 1345 212.20.230.11 TCP_MISS/200 6368 GET http://www.squid-cache.org - DIRECT/12.160.37.9 text/html
1170713895.037 126 212.20.230.11 TCP_MEM_HIT/200 6376 GET http://www.squid-cache.org - NONE/- text/html

Well, at least I got it working as a reverse proxy in front of a single apache host with a few virtual domain websites......

I followed the reverse white paper at http://www.visolve.com/squid/whitepapers/reverseproxy.php

Config is:

$ fgrep -v \# /etc/squid/squid.conf | grep -v ^$
http_port localhost:3128
http_port twig.birch:3128
http_port branch.birch:80
cache_dir ufs /var/squid/cache 400 16 256
ftp_list_width 80
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl accel_host dst 192.168.186.20/255.255.255.255
acl accel_port port 80
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost

http_access allow accel_host
http_access deny all

# That makes the following line useless. Drop it for clarity.

http_access allow all
http_reply_access allow all
httpd_accel_host 192.168.186.20
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
strip_query_terms off
coredump_dir /var/squid/cache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT PROPFIND

I think I need to get the http_access items tightened up (according to the white paper), what links do I need to refer to?

Thanks. I've shut down squid until I make it secure.

Chris
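
The effect of the rule order discussed above, as an added example that is not part of the original thread: a small Python model of Squid's first-match http_access evaluation, run against the posted rules and against the rules with the reply's two lines in place of `http_access allow all`. The Safe_ports ports, the simplified dst matching, the function names and the request dictionaries are assumptions; the sample requests are constructed from the access.log entry.

```python
import ipaddress

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

# ACLs from the posted squid.conf. "dst" is modelled as the IP the requested URL
# resolves to. Safe_ports is referenced in the post but its definition is not
# shown, so the port list here is an assumption.
ACLS = {
    "all":          lambda r: True,
    "manager":      lambda r: r["proto"] == "cache_object",
    "localhost":    lambda r: r["src"] == "127.0.0.1",
    "to_localhost": lambda r: in_net(r["dst"], "127.0.0.0/8"),
    "SSL_ports":    lambda r: r["port"] in (443, 563),
    "Safe_ports":   lambda r: r["port"] in (80, 443, 563),  # assumed
    "CONNECT":      lambda r: r["method"] == "CONNECT",
    "accel_host":   lambda r: in_net(r["dst"], "192.168.186.20/32"),
}

COMMON = (
    "http_access allow manager localhost\n"
    "http_access deny manager\n"
    "http_access deny !Safe_ports\n"
    "http_access deny CONNECT !SSL_ports\n"
    "http_access deny to_localhost\n"
)
POSTED = COMMON + "http_access allow all\n"
TIGHTENED = COMMON + "http_access allow accel_host\nhttp_access deny all\n"

def decide(rules, req):
    """Return (action, rule) for the first line whose ACLs all match (logical AND)."""
    action = "allow"
    for line in rules.splitlines():
        _, action, *names = line.split()
        # A leading "!" negates the ACL result.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), None

# Constructed requests: the relay attempt from access.log, and a normal site hit.
RELAY = {"src": "212.20.230.11", "dst": "12.160.37.9", "port": 80,
         "method": "GET", "proto": "http"}
SITE = dict(RELAY, dst="192.168.186.20")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("tightened", TIGHTENED)):
        for label, req in (("relay", RELAY), ("site", SITE)):
            print(name, label, decide(rules, req))
```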