> I am working on a "active-active" firewall for a customer. It will be two How did my thread remind you of this? :). By the way, my currently is a multi-web server setup with a dual LVS front end. Once I finally get squid working as a reverse, the idea is to put a couple of load balanced squid servers in front of the web servers to better maximize. I figure squid should be able to provide way more performance than adding more web servers for a while. Anyhow, re-installed squid and using default config, have it working as a reverse for the main site. It's not yet serving up the virtual hosts however. This is what I've got now that it's rebuilt and I'm reading about the various options. #Recommended minimum configuration: cache_mgr www.mydomain.com acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl our_sites dstdomain www.mydomain.com http_port 80 accel defaultsite=www.mydomain.com vhost cache_peer 192.168.1.93 parent 80 0 no-query originserver name=myAccel cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all #Guessing my problem is in the following section since I've never been much good at ACL's. http_access allow our_sites http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all icp_access allow all #We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? cache_mem 2048 MB # maximum_object_size_in_memory 8 KB # memory_replacement_policy lru cache_dir ufs /var/spool/squid 40100 16 256 access_log /var/log/squid/access.log squid cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log coredump_dir /var/spool/squid acl QUERY urlpath_regex cgi-bin \? acl apache rep_header Server ^Apache broken_vary_encoding allow apache cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 -- View this message in context: http://www.nabble.com/Can-a-guru-verify-my-config--tp22897504p22901349.html Sent from the Squid - Users mailing list archive at Nabble.com.
