Chyi 1235 wrote:
thx so much but i nd www3 as i'm using squid to serve as a
geographical best web surfing experience. as users from different
region uses different squid proxy. or maybe can u suggest a better
solution and more economical? in future i may also need to build a
anti ddos filter at the proxy servers as occasionally the main servers
being attacked by china users. thx again for your valuable time in
answering my queation.
You have a couple of choices (in order of simplicity):
* make the web server aware of the www3 virtual host same as the www
host. (less efficient than the two below, but easier to get going)
* Using anycast IPs for the site. Serviced from all gateway machines.
* GeoIP based DNS results.
* re-writing the URLs in Squid results.
PS: Squid has several anti-DDoS features built in and active by default.
Simply using it will add a large measure of protection.
Careful tuning of the access controls can provide additional DDoS
resilience.
On Feb 21, 2010, at 5:25 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Chyi wrote:
How do I setup squid to point to an IP which have multiple domains?
The scenario as follows:
1. www3.mainsite.com proxied to www.mainsite.com hosted on a
dedicated
ip. (success)
2. www3.newsite.com proxied to www.newsite.com which hosted on a
shared ip. (failed)
I really suggest getting away form that www3 subdomain thing. Squid
is designed to work best when the domain can be passed through to
the origin server without having to change things.
It is by far easier and less complex to maintain when the backend
server knows exactly what its providing to the public.
3. All dns is externally managed at www.everydns.net
You are aware of their pending merger and the upcoming alterations?
How do i solve this? Am using acce vhost at the moment and very new
to
linux and squid.
Thanks.
C
Setup the squid according to the 'virtual hosting' reverse proxy
example here. http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
You need a cache_peer entry per backend server.
If one server handles multiple of the domains, just list them all
together in the one dstdomain ACL used for that server.
If you can drop the www3 alternatives, the above alone is enough to
get a strong system running for any website. Otherwise you are stuck
with a complex setup, usually involving url-rewriters, which
introduce all sorts of limits on what code the website authors can
use.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.16
