I may have solved my own issue. It looks like my acl should use 'myport' instead of 'port' e.g. acl our_http_port port 80 should be: acl our_http_port myport 80 I'm not sure I understand the difference or why this works so I'd be happy to hear an explanation from anyone who knows. -andy > -----Original Message----- > From: Andy Litzinger > Sent: Wednesday, August 12, 2009 10:30 AM > To: Andy Litzinger; squid-users@xxxxxxxxxxxxxxx > Subject: RE: Reverse Proxy that listens and forwards to multiple ports > to the same backend server > > I should have mentioned I am running Squid3.0 Stable 18 > > > -----Original Message----- > > From: Andy Litzinger > > Sent: Wednesday, August 12, 2009 10:03 AM > > To: 'squid-users@xxxxxxxxxxxxxxx' > > Subject: Reverse Proxy that listens and forwards to multiple ports to > > the same backend server > > > > Hi all, > > I'm banging my head on what I think should be a simple config. I > > want squid to receive requests on port 80 and forward them on to the > > origin server on port 80. I also want squid to receive requests on > > port 8081 and forward requests to the same origin server on port > 8081. > > > > I have a Load Balancer (BigIP) sitting in front of my Squid server > and > > the origin server Squid points to is also actually a VIP on the LB > that > > sits in front of a pool of real origin servers. > > > > The goal is simple proxy- I'm not caching anything (that is working > > fine). > > > > Clients connect to http/https://my.test.com > > This resolves in my DNS to 192.168.94.225, a VIP hosted on the LB > that > > forwards traffic on to Squid. > > The origin server VIP for the content is 192.168.94.226 > > > > > > This is what the flows should look like focusing only on the > > destination TCP port as it goes through each device: > > Desired HTTP request flow: > > Request port 80 ---> LB ---> request port 80 ---> Squid ---> request > > port 80 ---> origin VIP on LB ----> request port 8080 ---> server > > listening on port 8080 > > > > Desired HTTPS request flow: > > Request port 443 ---> LB (SSL offload) ---> request port 8081 ---> > > Squid ---> request port 8081 ---> Origin VIP on LB ----> request port > > 8081 ---> server listening on port 8081 > > > > > > What I see happening for the HTTPS requests is that the request > arrives > > properly at the squid server on port 8081, but squid forwards the > > request to the Origin VIP on port 80 instead of 8081. > > > > Here is the config I'm trying: > > > > http_port 80 accel defaultsite=my.test.com > > http_port 8081 accel defaultsite=my.test.com > > icp_port 0 > > htcp_port 0 > > snmp_port 3401 > > > > debug_options ALL,1 33,2 > > > > cache_peer 192.168.94.226 parent 80 0 no-query no-digest originserver > > name=my_test > > cache_peer 192.168.94.226 parent 8081 0 no-query no-digest > originserver > > name=my_test_ssl > > > > acl our_http_port port 80 > > acl our_ssl_port port 8081 > > acl my_test_dom dstdomain my.test.com > > > > cache_peer_access my_test_ssl allow our_ssl_port my_test_dom > > cache_peer_access my_test_ssl deny all > > > > cache_peer_access my_test allow our_http_port my_test_dom > > cache_peer_access my_test deny all > > > > # acl to block caching > > acl our_sites dstdomain .test.com > > # acl listing the IP of each vip > > acl vips dst 192.168.94.225 > > acl acceleratedPort port 80 8081 > > > > # we do NOT want the responses to > > # any requests to be cached. > > cache deny our_sites > > # Allow requests to make it through to the VIPs > > # but only on the expected ports > > http_access allow vips acceleratedPort > > http_access deny all > > http_reply_access allow all > > > > cache_effective_user squid > > cache_effective_group squid > > visible_hostname testproxy.test.com > > unique_hostname testsquid01 > > > > client_db off > > uri_whitespace allow > > strip_query_terms off > > relaxed_header_parser on > > minimum_expiry_time 30 seconds > > > > request_header_access Accept-Encoding deny all > > > > any suggestions? > > > > Thanks! > > Andy
