poncenby wrote:
> Thanks for your reply.
> In the scenario of not trusting the DNS replies that are received by the
> client machine, all websites viewed on the client machine will have
> static dns entries pointing to the squid cache.
> What I'm looking for is a way of configuring squid so this can happen.
> I've read the reverse proxy docs and tried the config changes in
> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator,
> however I get access denied and, being new to squid, am at a loss to
> figure out why the URL and Host fields are not being constructed and
> allowing my client some web browsing through a trusted source.

Ah, sorry. Looks like this was my fault. I omitted a critical piece of
info from the how-to:
The reverse-proxy configuration MUST appear at the top of squid.conf
above any other forward-proxy configuration (http_access etc.),
otherwise the standard proxy access rules block some people from viewing
the accelerated site.

> Here is my squid.conf if someone could give me a hint as to why this
> isn't working how I need it to:
> I have apache2 running on tcp/81.
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src 0.0.0.0
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl HTTP proto HTTP
> acl CONNECT method CONNECT
> always_direct allow HTTP

This always_direct will be interfering with the reverse-proxy config BTW.

> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access deny all

All of the bit below needs to be up at the top, at about the place where
the always_direct currently is.

> http_port 80 accel defaultsite=localhost
> cache_peer 127.0.0.1 parent 81 0 no-query originserver name=myAccel
> acl our_sites dstdomain localhost
> http_access allow our_sites
> cache_peer_access myAccel allow our_sites
> cache_peer_access myAccel allow all

PS. "localhost" is not good content for defaultsite. You should have a
proper public domain name there.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.5
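
Why the posted ordering returns access denied for the accelerated site, as an added example (not part of the original thread and not Squid's own code): a simplified Python model of first-match http_access evaluation, run over the http_access lines from the posted squid.conf and over the same lines with the reverse-proxy allow moved to the top. The visitor address 203.0.113.7 and the request fields are constructed for illustration.

```python
# Simplified model: http_access lines are checked top to bottom, ACLs on one
# line are ANDed, and the first matching line decides. Not Squid's own code.
import ipaddress

def in_nets(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

ACLS = {  # only the ACLs referenced by the posted http_access lines
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: in_nets(r["src"], ["127.0.0.1/32"]),
    "localnet":   lambda r: in_nets(r["src"], ["10.0.0.0/8", "172.16.0.0/12",
                                               "192.168.0.0/16", "0.0.0.0/32"]),
    "Safe_ports": lambda r: r["port"] in {80, 21, 443, 70, 210, 280, 488, 591, 777}
                            or 1025 <= r["port"] <= 65535,
    "SSL_ports":  lambda r: r["port"] == 443,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "our_sites":  lambda r: r["host"] == "localhost",
    "all":        lambda r: True,
}

def decide(conf, req):
    """Return (action, rule) for the first http_access line matching req."""
    for line in conf.splitlines():
        words = line.split("#")[0].split()
        if len(words) < 3 or words[0] != "http_access":
            continue
        # "!name" matches when the ACL does not; every ACL on the line must match
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in words[2:]):
            return words[1], line.strip()
    return "deny", "(no rule matched)"  # not reached: both configs end in a catch-all

POSTED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_access allow our_sites"""

# Same lines with the reverse-proxy allow moved above the forward-proxy rules.
_lines = POSTED.splitlines()
REORDERED = "\n".join(_lines[-1:] + _lines[:-1])

# Constructed request: a client outside localnet asking for the accelerated site.
VISITOR = {"src": "203.0.113.7", "host": "localhost", "port": 80,
           "method": "GET", "proto": "HTTP"}

if __name__ == "__main__":
    print("posted:   ", decide(POSTED, VISITOR))
    print("reordered:", decide(REORDERED, VISITOR))
```

In the posted order a client inside localnet is still allowed by "http_access allow localnet", which is why only some visitors see the denial.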