Bucci, David G wrote:
Are you allowed to change or get things added to the hosts file?
You could add the domain there and make it resolve to localhost. With
the proxy listening on localhost:80 using a reverse-proxy config (at
the child end [Squid C in our other discussions]).
Ooh, interesting - aren't you just a bundle of creative ideas! We just might be allowed to update hosts. You're saying that way we wouldn't have to change the app's URLs to localhost, which is nice. Would that also eliminate the need to rewrite the URLs, since the incoming URLs would be correctly addressed at the remote server (even though shunted to localhost locally)?
Yes.
But I don't see what rigging [C] to do reverse proxying buys us in that case. Can you amplify? Why wouldn't regular proxying, forcing to [S] as a cache_peer parent with never_direct and cache_peer_access still work?
origin web server requests are a different syntax to proxied web requests.
First part of reverse-proxy is the http_port settings telling squid how
to parse the request. The app will be thinking its talking to the orgin
web server and formatting the requests for that.
Oh ... or does the reverse proxying simply prevent Squid from doing a name resolution, and looping back to itself as origin?
Second part of reverse-proxy is the cache_peer to avoid DNS loops.
Also used to setup the SSL at the same time.
> And if so, are you saying to reverse proxy to the server Squid [S]
as the origin server?
The end product here looks like this:
inside localhost:
app --HTTP--> Squid C (reverse proxy) ---HTTPS ...
somewhere else:
... --HTTPS--> Squid S (normal) --HTTP--> Server.
I hope you don't mind this back and forth, I'm learning a ton!
-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Thursday, August 05, 2010 8:31 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: RE: EXTERNAL: Re: [squid-users] Clients issuing URLs directly to Squid port, URL rewrite to t
Bucci, David G wrote:
Is this a further complication on top of the other thread we are
discussing SSL links?
Yes ... all boiling back to us not being allowed to alter proxy settings on the PC. They want us to install a proxy, but won't let us change proxy settings, go figure. My original thought had been, ok, we'll redeploy the web services on e.g. port 8081 on the server (they'll let us do that), then use the equivalent of iptables on the PC to redirect outgoing calls to 8081 to 3128. But, to my surprise (I'm a Linux guy), Windows doesn't /have/ anything like iptables built in (not even the server versions, unbelievably), and you can't redirect ports without writing a network driver or buying e.g. a bandwidth-shaping app. Not an option for us.
Hence the rube Goldberg I described below. I'm being told that there are no URLs buried in the XML/headers, nor in any replies coming back, that the only thing the web service URL is used for is straight HTTP addressing.
These are .Net apps, and I'm being told there might be a way to set proxying just for the app, in what sounds like a .Net deployment descriptor of some kind. Hopefully that pans out, so I don't have to tempt Murphy on this.
Thx for answering!
Are you allowed to change or get things added to the hosts file?
You could add the domain there and make it resolve to localhost. With the proxy listening on localhost:80 using a reverse-proxy config (at the child end [Squid C in our other discussions]).
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.6
Beta testers wanted for 3.2.0.1
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.6
Beta testers wanted for 3.2.0.1