Search squid archive

Re: Problem with Reverse Proxy and multiple domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Drew Wrobel wrote:
I made the changes you suggested, but I started getting the following error messages in the log:

123456.com w.x.y.z - - [03/Mar/2009:12:09:45 -0500] "GET http://123456.com/ HTTP/1.1" 403 1379 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_DENIED:NONE

When I went to the web site and I get the squid ERR_ACCESS_DENIED page instead.

Here are the new lines that I had put in as you suggested.  Not sure if I over did it with the http_access lines.

Had one question thought.  Since the web-server is handling both www.123456.com and 123456.com, is the first acl valid
for both?

I also took out the entries for abcdev and 987zyx and still doesn't work.  What am I missing/doing wrong.


http_port 80 accel vhost

acl 123456 dstdomain 123456.com
acl abcdef dstdomain abcdef.com
acl 987zyx dstdomain 987zyx.com

All three of the domains should be preceded by a period. Replace these with...

acl 123456 dstdomain .123456.com
acl abccdef dstdomain .abcdef.com
acl 987zyx dstdomain .987zyx.com


cache_peer_access 192.168.2.10 allow 123456
cache_peer_access 192.168.2.10 allow abcdef
cache_peer_access 192.168.2.10 allow 987zyx
cache_peer_access 192.168.2.10 deny all

So does the host 192.168.2.10 contain the data for all three domains? You might want to read http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers if not. If it does, read and follow http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting first, then add the redundant peers.

http_access allow 123456
http_access allow abcdef
http_access allow 987zyx


cache_peer_access 192.168.2.11 allow 123456
cache_peer_access 192.168.2.11 allow abcdef
cache_peer_access 192.168.2.11 allow 987zyx
cache_peer_access 192.168.2.11 deny all

Same question here.

http_access allow 123456
http_access allow abcdef
http_access allow 987zyx

These three lines are redundant, as http_access for these domains has already been allowed.


cache_peer_access 192.168.2.12 allow 123456
cache_peer_access 192.168.2.12 allow abcdef
cache_peer_access 192.168.2.12 allow 987zyx
cache_peer_access 192.168.2.12 deny all
http_access allow 123456
http_access allow abcdef
http_access allow 987zyx

http_access deny all
never_direct allow all

Um. I don't think you want never_direct in a acceleration setup, unless you are setting it up in a weird way.

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux