I made the changes you suggested, but I started getting the following error messages in the log: 123456.com w.x.y.z - - [03/Mar/2009:12:09:45 -0500] "GET http://123456.com/ HTTP/1.1" 403 1379 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_DENIED:NONE When I went to the web site and I get the squid ERR_ACCESS_DENIED page instead. Here are the new lines that I had put in as you suggested. Not sure if I over did it with the http_access lines. Had one question thought. Since the web-server is handling both www.123456.com and 123456.com, is the first acl valid for both? I also took out the entries for abcdev and 987zyx and still doesn't work. What am I missing/doing wrong. http_port 80 accel vhost acl 123456 dstdomain 123456.com acl abcdef dstdomain abcdef.com acl 987zyx dstdomain 987zyx.com cache_peer_access 192.168.2.10 allow 123456 cache_peer_access 192.168.2.10 allow abcdef cache_peer_access 192.168.2.10 allow 987zyx cache_peer_access 192.168.2.10 deny all http_access allow 123456 http_access allow abcdef http_access allow 987zyx cache_peer_access 192.168.2.11 allow 123456 cache_peer_access 192.168.2.11 allow abcdef cache_peer_access 192.168.2.11 allow 987zyx cache_peer_access 192.168.2.11 deny all http_access allow 123456 http_access allow abcdef http_access allow 987zyx cache_peer_access 192.168.2.12 allow 123456 cache_peer_access 192.168.2.12 allow abcdef cache_peer_access 192.168.2.12 allow 987zyx cache_peer_access 192.168.2.12 deny all http_access allow 123456 http_access allow abcdef http_access allow 987zyx http_access deny all never_direct allow all > Date: Tue, 3 Mar 2009 11:10:08 +1300 > Subject: Re: Problem with Reverse Proxy and multiple domains > From: squid3@xxxxxxxxxxxxx > To: phoenix1972@xxxxxxxxxxx > CC: squid-users@xxxxxxxxxxxxxxx > >> >> I'm currently running Squid 2.6 stable 22 as a caching server. >> >> It is acting as a front-end for bunch of servers answering for >> www.123456.com and 123456.com. Without any problems. >> >> I have updated the apache configuring for handling web traffic for >> www.abcdef.com=2C abcdef.com=2C www.987zyx.com and 987zyx.com. >> >> If I hit the web servers with the various domains=2C I get the desired web >> site without any problems. >> >> The problem I'm running into with Squid is that no matter what domain I >> enter, squid is treating all the traffic for www.123456.com. >> >> So if I enter www.987zyx.com via squid=2C I go the www.123456.com web site >> instead. >> >> Here is a copy of the squid configuration I'm using. What am I doing >> wrong? >> > > Using the broken and obsolete squid-2.5 method of 'acceleration'. > > I've placed incline alterations to update this to 2.6 requirements... > >> >> acl all src 0.0.0.0/0.0.0.0 >> acl manager proto cache_object >> acl localhost src 127.0.0.1/255.255.255.255 >> acl to_localhost dst 127.0.0.0/8 >> acl SSL_ports port 443 >> acl CONNECT method CONNECT >> >> hierarchy_stoplist cgi-bin ? >> acl QUERY urlpath_regex cgi-bin \? >> cache deny QUERY >> acl apache rep_header Server ^Apache >> broken_vary_encoding allow apache >> coredump_dir /var/cache/squid > >> http_port 80 accel vport > > http_port 80 accel vhost > >> cache_peer 192.168.2.10 parent 80 0 no-query originserver round-robin >> login=PASS >> cache_peer 192.168.2.11 parent 80 0 no-query originserver round-robin >> login=PASS >> cache_peer 192.168.2.12 parent 80 0 no-query originserver round-robin >> login=PASS > > KILL this: >> acl webserver dst 192.168.2.10 192.168.2.11 192.168.2.12 > > acl 123456 dstdomain .123456.com > > (if you want to be VERY tricky: > acl 123456 dst 192.168.2.10 > ) > > cache_peer_access 192.168.2.10 allow 123456 > cache_peer_access 192.168.2.10 deny all > http_access allow 123456 > > ... repeat as appropriate for each webserver. Including _separate_ ACLs > for each one. > > Followed with: > http_access deny all > never_direct allow all > > Kill all the below http_*: > >> http_access allow webserver >> http_access allow all >> miss_access allow webserver >> miss_access allow all >> http_access deny all >> > >> icp_access deny all >> >> acl loadbalancer1 src 192.168.3.125 >> acl loadbalancer2 src 192.168.3.126 >> follow_x_forwarded_for allow loadbalancer1 >> follow_x_forwarded_for allow loadbalancer2 >> follow_x_forwarded_for allow all >> acl_uses_indirect_client on >> delay_pool_uses_indirect_client on >> log_uses_indirect_client on >> >> logformat combined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" >> "%{User-Agent}>h" %Ss:%Sh >> access_log /var/log/squid/access.log combined >> collapsed_forwarding on >> vary_ignore_expire on >> >> cache_effective_user squid >> cache_store_log none >> client_db off >> cache_mem 512 MB >> cache_dir ufs /var/cache/squid 3000 10 10 >> > > Amos > > _________________________________________________________________ Hotmail® is up to 70% faster. Now good news travels really fast. http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009
