On Wed, 11 Aug 2010 15:05:32 -0400, "AJ Weber" <aweber@xxxxxxxxxxx> wrote: > Sorry it's taken me so long to test this out (a week...). > > I have it working with some very preliminary tests, but I had to add the > "allow-direct" to the http_port line in addition to the example on the > Wiki > for the BasicAccelerator. > > Is this correct? Is my config "special" and/or does this depend on the > web/appserver being connected to, or should this be added to the wiki > (i.e. > documentation error)? > > Is allow-direct just a security thing, or am I somehow disabling some of > the > Squid goodness? It's a security thing. DIRECT access is blocked for reverse-proxy to prevent Host: header games (CVE-2009-0801) and remove the need for DNS resolution delays. It also helps prevent Squid from DNS-resolving itself as the destination host of the domain and looping. The basic config example contains a cache_peer line pointing specifically at the back-end website host. With cache_peer_access rules using a dstdomain ACL to allow only that hosts domains. Those lines should be routing the relevant requests to that host without needing DIRECT access or DNS in any way. Amos > ----- Original Message ----- > From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx> > To: <squid-users@xxxxxxxxxxxxxxx> > Sent: Wednesday, August 04, 2010 7:55 PM > Subject: Re: RE: EXTERNAL: [squid-users] NEWBIE Q: > httpd_accel_single_host? > > >>> -----Original Message----- >>> From: AJ Weber [mailto:aweber@xxxxxxxxxxx] >>> Sent: Wednesday, August 04, 2010 2:07 PM >>> To: squid-users@xxxxxxxxxxxxxxx >>> Subject: EXTERNAL: NEWBIE Q: httpd_accel_single_host? >>> >>> Does anyone have any config examples, tips or FAQ about simulating the >>> "old" >>> (pre 2.6, at least) single-host acceleration (i.e. as was done with the >>> directive in the subject)? >>> >>> I have Duane Wessels' O'Reilly book here, and am trying to build a very >>> specific server accelerator for across a slow, WAN link, but just for a >>> single back-end host. (Chapter 15, pg 307, if you're now >> following-along >>> ;) ) >>> >> >> On Wed, 04 Aug 2010 16:53:50 -0400, "Bucci, David G" >> <david.g.bucci@xxxxxxxx> wrote: >>> I'm a novice (and maybe I shouldn't speak out of turn), but I wonder why >>> you can't simply do sstandard reverse proxying, e.g., name your proxy >>> server "original.org" in DNS, rename your slow web server "backend.org", >>> and do a simple accel config: >>> >> >> Indeed. Reverse-proxy is what we call it nowdays. >> >> The updated version of that single-host option (pg *308*) can be found >> here: >> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator >> >> Chapter 15, pg 307 was about the multiple-host options AFAICT. >> That can be found here: >> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting >> >> Amos >>
