
RE: Problem with Reverse Proxy and multiple domains


 



I made the changes you suggested, but I started getting the following error messages in the log:

123456.com w.x.y.z - - [03/Mar/2009:12:09:45 -0500] "GET http://123456.com/ HTTP/1.1" 403 1379 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_DENIED:NONE

When I went to the web site, I got the squid ERR_ACCESS_DENIED page instead.

Here are the new lines that I had put in as you suggested.  Not sure if I overdid it with the http_access lines.

Had one question though.  Since the web-server is handling both www.123456.com and 123456.com, is the first acl valid
for both?

I also took out the entries for abcdef and 987zyx and it still doesn't work.  What am I missing/doing wrong?


http_port 80 accel vhost

acl 123456 dstdomain 123456.com
acl abcdef dstdomain abcdef.com
acl 987zyx dstdomain 987zyx.com


cache_peer_access 192.168.2.10 allow 123456
cache_peer_access 192.168.2.10 allow abcdef
cache_peer_access 192.168.2.10 allow 987zyx
cache_peer_access 192.168.2.10 deny all
http_access allow 123456
http_access allow abcdef
http_access allow 987zyx


cache_peer_access 192.168.2.11 allow 123456
cache_peer_access 192.168.2.11 allow abcdef
cache_peer_access 192.168.2.11 allow 987zyx
cache_peer_access 192.168.2.11 deny all
http_access allow 123456
http_access allow abcdef
http_access allow 987zyx


cache_peer_access 192.168.2.12 allow 123456
cache_peer_access 192.168.2.12 allow abcdef
cache_peer_access 192.168.2.12 allow 987zyx
cache_peer_access 192.168.2.12 deny all
http_access allow 123456
http_access allow abcdef
http_access allow 987zyx

http_access deny all
never_direct allow all


> Date: Tue, 3 Mar 2009 11:10:08 +1300
> Subject: Re:  Problem with Reverse Proxy and multiple domains
> From: squid3@xxxxxxxxxxxxx
> To: phoenix1972@xxxxxxxxxxx
> CC: squid-users@xxxxxxxxxxxxxxx
> 
>>
>> I'm currently running Squid 2.6 stable 22 as a caching server.
>>
>> It is acting as a front-end for bunch of servers answering for
>> www.123456.com and 123456.com.  Without any problems.
>>
>> I have updated the apache configuring for handling web traffic for
>> www.abcdef.com, abcdef.com, www.987zyx.com and 987zyx.com.
>>
>> If I hit the web servers with the various domains, I get the desired web
>> site without any problems.
>>
>> The problem I'm running into with Squid is that no matter what domain I
>> enter,  squid is treating all the traffic for www.123456.com.
>>
>> So if I enter www.987zyx.com via squid, I go to the www.123456.com web site
>> instead.
>>
>> Here is a copy of the squid configuration I'm using.  What am I doing
>> wrong?
>>
> 
> Using the broken and obsolete squid-2.5 method of 'acceleration'.
> 
> I've placed inline alterations to update this to 2.6 requirements...
> 
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443
>> acl CONNECT method CONNECT
>>
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> cache deny QUERY
>> acl apache rep_header Server ^Apache
>> broken_vary_encoding allow apache
>> coredump_dir /var/cache/squid
> 
>> http_port 80 accel vport
> 
> http_port 80 accel vhost
> 
>> cache_peer 192.168.2.10 parent 80 0 no-query originserver round-robin
>> login=PASS
>> cache_peer 192.168.2.11 parent 80 0 no-query originserver round-robin
>> login=PASS
>> cache_peer 192.168.2.12 parent 80 0 no-query originserver round-robin
>> login=PASS
> 
> KILL this:
>> acl webserver dst 192.168.2.10 192.168.2.11 192.168.2.12
> 
> acl 123456 dstdomain .123456.com
> 
> (if you want to be VERY tricky:
>    acl 123456 dst 192.168.2.10
> )
> 
> cache_peer_access 192.168.2.10 allow 123456
> cache_peer_access 192.168.2.10 deny all
> http_access allow 123456
> 
> ... repeat as appropriate for each webserver. Including _separate_ ACLs
> for each one.
> 
> Followed with:
>  http_access deny all
>  never_direct allow all
> 
> Kill all the below http_*:
> 
>> http_access allow webserver
>> http_access allow all
>> miss_access allow webserver
>> miss_access allow all
>> http_access deny all
>>
> 
>> icp_access deny all
>>
>> acl loadbalancer1 src 192.168.3.125
>> acl loadbalancer2 src 192.168.3.126
>> follow_x_forwarded_for allow loadbalancer1
>> follow_x_forwarded_for allow loadbalancer2
>> follow_x_forwarded_for allow all
>> acl_uses_indirect_client on
>> delay_pool_uses_indirect_client on
>> log_uses_indirect_client on
>>
>> logformat combined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h"
>> "%{User-Agent}>h" %Ss:%Sh
>> access_log /var/log/squid/access.log combined
>> collapsed_forwarding on
>> vary_ignore_expire on
>>
>> cache_effective_user squid
>> cache_store_log none
>> client_db off
>> cache_mem  512 MB
>> cache_dir ufs /var/cache/squid 3000 10 10
>>
> 
> Amos
> 
> 
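
An added example, not part of the original messages: a small parser for access.log lines in the shape quoted at the top of this message (requested Host first, Squid result code and hierarchy code last), which counts TCP_DENIED results per Host so it is clear which virtual hosts the http_access rules are rejecting. The sample lines and client addresses are constructed for illustration.

```python
import re
from collections import Counter

# Field order taken from the log line quoted in the message:
# host client ident user [time] "request" status bytes "referer" "agent" Ss:Sh
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<squid>[A-Z_]+):(?P<hier>[A-Z_]+)$'
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def denied_by_host(lines):
    """Count TCP_DENIED results per requested Host (lower-cased)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["squid"] == "TCP_DENIED":
            counts[rec["host"].lower()] += 1
    return counts

# Constructed sample lines; 192.0.2.0/24 is a documentation address range.
SAMPLE = [
    '123456.com 192.0.2.10 - - [03/Mar/2009:12:09:45 -0500] "GET http://123456.com/ '
    'HTTP/1.1" 403 1379 "-" "Mozilla/4.0 (compatible; MSIE 7.0)" TCP_DENIED:NONE',
    '123456.com 192.0.2.11 - - [03/Mar/2009:12:09:50 -0500] "GET http://123456.com/a.css '
    'HTTP/1.1" 403 1379 "http://123456.com/" "Mozilla/4.0 (compatible)" TCP_DENIED:NONE',
    'WWW.987zyx.com 192.0.2.12 - - [03/Mar/2009:12:10:02 -0500] "GET http://www.987zyx.com/ '
    'HTTP/1.0" 403 1379 "-" "curl/7.19" TCP_DENIED:NONE',
    'www.abcdef.com 192.0.2.13 - - [03/Mar/2009:12:10:05 -0500] "GET http://www.abcdef.com/ '
    'HTTP/1.1" 200 5120 "-" "curl/7.19" TCP_MISS:ROUND_ROBIN_PARENT',
    'truncated line without the expected fields',  # skipped by the parser
]

if __name__ == "__main__":
    for host, n in denied_by_host(SAMPLE).most_common():
        print(f"{n:4d} denied  {host}")
```
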
