Dear all,
I'm using Squid as a reverse proxy in a Squid/Pound/Zope/Plone-setup.
Squid is running on port 80.
I would like to access the cache manager with the munin plugins to
monitor Squid. The plugins use a HTTP request
"GET cache_object://localhost/info HTTP/1.0".
Standard port 3128 isn't active, when asking port 80 I get a 404-error
from zope.
How can I access the cache manager in such a setup?
My squid.conf is:
hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Basic ACLs
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl ssl_ports port 443 563
acl safe_ports port 8080 80 443
#acl zope_servers src 127.0.0.2 127.0.0.1
acl manager proto cache_object
acl connect method connect
# deny requests to unknown ports
http_access deny !safe_ports
acl accelerated_protocols proto http https
acl accelerated_domains dstdomain lb.xxx.de
acl accelerated_domains dstdomain lb1.xxx.de
acl accelerated_domains dstdomain lb2.xxx.de
acl accelerated_domains dstdomain xxx.de
acl accelerated_domains dstdomain www.xxx.de
acl accelerated_ports myport 80 443
http_access allow accelerated_domains accelerated_ports
accelerated_protocols
# Purge access - zope servers can purge but nobody else
acl purge method PURGE
#http_access allow zope_servers purge
http_access deny purge
# Reply access
http_reply_access allow all
# Cache manager setup - cache manager can only connect from localhost
# only allow cache manager access from localhost
http_access allow manager localhost
http_access deny manager
# deny connect to other than ssl ports
http_access deny connect !ssl_ports
# ICP access - anybody can access icp methods
icp_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
coredump_dir /usr/local/squid/cache
http_port 80 defaultsite=www.xxx.de
#http_port 80 defaultsite=lb.xxx.de
#http_port 80
cache_peer 127.0.0.1 parent 8080 0 no-query originserver
#cache_peer 127.0.0.1 parent 8080 0 no-query originserver round-robin
#cache_peer 127.0.0.1 parent 8080 0 no-query
visible_hostname www.xxx.de
cache_mem 2000 MB
maximum_object_size 40960 KB
maximum_object_size_in_memory 100 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 10000 16 256
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#redirect_program /etc/squid/redirector.pl
negative_ttl 0 minutes
positive_dns_ttl 60 minutes
negative_dns_ttl 1 minutes
Thanks for your support,
David
--
The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87