
Re: browser (and access.log) says access denied but cache.log says it's ok?!?


Anton Melser wrote:

Thanks Chris, I definitely changed the port (the live sites, which I
put in my hosts file so as not to cause too much trouble...), and could
access with no problems the non-localhost sites. I tried both setting
a hostname and an IP with the ports

Using an IP will be more explicit, and therefore is what I would recommend. Use the hostname for the defaultsite argument to http_port.

- no luck, and had apache2
listening on 127.0.0.7:80 and *.81.
I had a very long look at the article mentioned (and you need the
right keywords to get to it!) but doing both local and distant reverse
proxying wasn't mentioned.

But should just be a matter of putting two of the FAQs ((5 and 6) or (9 and 6)*) together.

Assuming:
* The external IP of the Squid server is 4.5.6.
* Local apache is listening on 127.0.0.7:80 (and possibly *:81) and is hosting local.my.domain
* The remote host's IP is 1.2.3.4 and is hosting remote.my.domain
the following should do what you want...

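# Define the HTTP port (vhost selects the site from the Host header;
# defaultsite is used when the request carries no Host header)
http_port 4.5.6.7:80 accel defaultsite=local.my.domain vhost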
# Specify the local and remote peers
cache_peer 127.0.0.7 parent 80 0 no-query originserver name=local
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=remote
# Define ACLs to direct traffic to the correct servers
# Local
acl sites_local dstdomain local.my.domain
cache_peer_access local allow sites_local
# Remote
acl sites_remote dstdomain remote.my.domain
cache_peer_access remote allow sites_remote
# Make sure that access to your accelerated sites is allowed
acl mysites dstdomain .my.domain
http_access allow mysites
# Deny everything else
http_access deny all

I followed the instructions on that page for one of my attempts (with
both squid and apache listening on 80 but one localhost and one
external) but alas exactly the same results.

A forwarding loop? That would indicate to me that your cache_peer line was not adjusted to reflect the originserver listening on localhost. No forwarding loop, but an access denied? Check your ACLs in Apache, and make sure that localhost can access pages. Otherwise verify you have not uncommented the http_access deny to_localhost line in your squid.conf. It's present and commented by default.

I have seen in various places about compiling without internal dns but
the vast bulk of the literature is on <=2.5, and 2.6 seems pretty
different (particularly for http acceleration), and I didn't know
whether this was desirable or necessary.

In a forwarding setup, where you are setting your cache_peers by IP, it should be mostly* irrelevant. In a normal proxy setup, you probably don't want to disable the internal DNS.

Anyway, I will try a couple
of things with /etc/hosts, and a few things, but I think it may be due
to some resolution issues.

Again, given the setup above (all peers are designated using IP addresses) DNS has a negligible effect on an acceleration setup.

Thanks for your input,
Anton

Chris

* If someone surfs to your site by IP, a dstdomain ACL will try a reverse DNS lookup.
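
The checks listed in the reply above (peers designated by IP, a cache_peer_access rule for each named peer, no active `http_access deny to_localhost` in front of a loopback origin, a final `deny all`) can be linted before Squid is reloaded. This is an added example, not part of the original thread; `check_accel_config` is a hypothetical helper, the sample config is constructed from the one in the reply, and the parser assumes one directive per line with no `include` files.

```python
import ipaddress

# Constructed sample modelled on the config in the reply, with one peer route
# missing and the to_localhost deny the reply warns about left uncommented.
SAMPLE = """\
http_port 4.5.6.7:80 accel defaultsite=local.my.domain vhost
cache_peer 127.0.0.7 parent 80 0 no-query originserver name=local
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=remote
acl sites_local dstdomain local.my.domain
cache_peer_access local allow sites_local
acl mysites dstdomain .my.domain
http_access deny to_localhost
http_access allow mysites
http_access deny all
"""

def directives(text):
    """Yield token lists for active (non-comment, non-blank) lines."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def check_accel_config(text):
    """Return findings for a Squid accelerator config (hypothetical helper)."""
    rows = list(directives(text))
    peers = {}  # peer name -> host as written on the cache_peer line
    for t in rows:
        if t[0] == "cache_peer" and len(t) > 1:
            name = next((o[5:] for o in t[2:] if o.startswith("name=")), t[1])
            peers[name] = t[1]
    routed = {t[1] for t in rows if t[0] == "cache_peer_access" and len(t) > 1}
    http_access = [t[1:] for t in rows if t[0] == "http_access"]
    findings = []
    for name, host in peers.items():
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        if ip is None:
            findings.append(f"peer {name}: designated by hostname, depends on DNS")
        elif ip.is_loopback and ["deny", "to_localhost"] in http_access:
            findings.append(f"peer {name}: loopback origin but 'http_access deny to_localhost' is active")
        if name not in routed:
            findings.append(f"peer {name}: no cache_peer_access rule")
    if not http_access or http_access[-1] != ["deny", "all"]:
        findings.append("last http_access rule is not 'deny all'")
    return findings
```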
