> I am trying to implement a reverse proxy on a windows > machine. It just wont work and I have read every scrap of > info I can find. > > I have 3 windows servers (Squid 2.6 and two (2) web > servers). My squid.conf file is below. Can you give me > comments. > > http_port 80 accel defaultsite=http://www.sample.com vhost - remove "http://"; > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > > access_log /usr/var/logs/access.log > cache_log /usr/var/logs/cache.log > cache_store_log /usr/var/logs/store.log - I think pathnames in windows are different to *nix. > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% > > cache_peer 192.168.1.5 parent 80 0 no-query originserver > name=server_1 > acl sites_server_1 dstdomain http://www.sample.com > sample.com > acl our_sites dstdomain http://www.sample.com sample.com - again remove "http://"; - these acl are redundant. just one will do. it can be re-used whenevr needed. > cache_peer_access server_1 allow sites_server_1 > > cache_peer 192.168.1.121 parent 80 0 no-query originserver > name=server_2 > acl sites_server_2 dstdomain www2.sample.com > acl our_sites2 dstdomain www2.sample.com - again redundancy. just one of the two will do. > cache_peer_access server_2 allow sites_server_2 > > http_access allow our_sites > http_access allow our_sites2 > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports - the denies above are all redundant without any allows. the "deny all" directly below them does the same thing, but faster. > http_access deny all > icp_access allow all > > cache_mgr postmaster@xxxxxxxxxx > cache_effective_user www-data > cache_effective_group www-data > visible_hostname sample.com > Those are the obvious points about general config. Try "squid -k parse" to see what squid itself thinks of the config. Amos
