> Hello, > > I am new to squid but not new to reverse proxies. I am trying to > implement a proxy that would work like this: > > www.example.com -> server 1 > example.com -> server 1 > dev.example.com -> server 2 > > I have read the wiki here: > wiki.squid-cache.org/SquidFaq/ReverseProxy > > But I cant get it to work and I am about to pull my hair out. > > My squid.conf looks like: > -------- > http_port 80 accel defaultsite=example.com > cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 > cache_peer_domain server_2 dev.example.com > cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 > cache_peer_domain server_1 example.com > -------- > > This gives me a big fat: "Access Denied" > > So I added this to my squid.conf: > ------- > acl our_sites dstdomain example.com dev.example.com > http_access allow our_sites > ------- > Correct. > This clears the "Access Denied" however now all traffic goes to "server_1" > (the .115 addy). This is because cache_peer_domain lists a set of domain suffixes, ie it has an implicit wildcard built-in to the domain pattern *.example.com / *.dev.example.com. > > I have tried all sorts of cute ACLs included but not limited to delcaring > ACSs for server_1 and server_2 respectively and allowing access to > server_1 from server_1 sites and denying server_2 sites and vice versa. > However this just gives me an "Access Denied" for all sites. > > I have also tired every example found on this issue in the Wiki. I feel > like the Wiki is leaving out a key config line that is causing this not to > work, but I could be wrong. You can't cleanly mix the cache_peer_domain and cache_peer_access. Perhapse you were doing that. I think you want this: http_port 80 accel defaultsite=example.com cache_peer 192.168.1.114 parent 80 0 no-query originserver name=server_2 acl dev dstdomain dev.example.com cache_peer_access server_2 allow dev cache_peer_access server_2 deny all http_access allow dev cache_peer 192.168.1.115 parent 80 0 no-query originserver name=server_1 acl www dstdomain example.com www.example.com cache_peer_access server_1 allow www cache_peer_access server_1 deny all http_access allow www http_access deny all If you are still having problems with the above, then I think the error is elsewhere than the peering config. > > I am runnig squid: > Squid Cache: Version 2.7.STABLE6 > configure options: '--disable-internal-dns' Good idea to re-enable that. Amos
