Maybe it's because I used a FQDN instead of IP Address in my cache_peer
entry?
I'll double-check my cache_peer_access rules ASAP.
Thanks,
AJ
----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, August 11, 2010 11:17 PM
Subject: Re: RE: EXTERNAL: [squid-users] NEWBIE Q:
httpd_accel_single_host?
On Wed, 11 Aug 2010 15:05:32 -0400, "AJ Weber" <aweber@xxxxxxxxxxx> wrote:
Sorry it's taken me so long to test this out (a week...).
I have it working with some very preliminary tests, but I had to add the
"allow-direct" to the http_port line in addition to the example on the
Wiki
for the BasicAccelerator.
Is this correct? Is my config "special" and/or does this depend on the
web/appserver being connected to, or should this be added to the wiki
(i.e.
documentation error)?
Is allow-direct just a security thing, or am I somehow disabling some of
the
Squid goodness?
It's a security thing. DIRECT access is blocked for reverse-proxy to
prevent Host: header games (CVE-2009-0801) and remove the need for DNS
resolution delays. It also helps prevent Squid from DNS-resolving itself
as
the destination host of the domain and looping.
The basic config example contains a cache_peer line pointing specifically
at the back-end website host. With cache_peer_access rules using a
dstdomain ACL to allow only that hosts domains. Those lines should be
routing the relevant requests to that host without needing DIRECT access
or
DNS in any way.
Amos
----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, August 04, 2010 7:55 PM
Subject: Re: RE: EXTERNAL: [squid-users] NEWBIE Q:
httpd_accel_single_host?
-----Original Message-----
From: AJ Weber [mailto:aweber@xxxxxxxxxxx]
Sent: Wednesday, August 04, 2010 2:07 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: EXTERNAL: NEWBIE Q: httpd_accel_single_host?
Does anyone have any config examples, tips or FAQ about simulating the
"old"
(pre 2.6, at least) single-host acceleration (i.e. as was done with
the
directive in the subject)?
I have Duane Wessels' O'Reilly book here, and am trying to build a
very
specific server accelerator for across a slow, WAN link, but just for
a
single back-end host. (Chapter 15, pg 307, if you're now
following-along
;) )
On Wed, 04 Aug 2010 16:53:50 -0400, "Bucci, David G"
<david.g.bucci@xxxxxxxx> wrote:
I'm a novice (and maybe I shouldn't speak out of turn), but I wonder
why
you can't simply do sstandard reverse proxying, e.g., name your proxy
server "original.org" in DNS, rename your slow web server
"backend.org",
and do a simple accel config:
Indeed. Reverse-proxy is what we call it nowdays.
The updated version of that single-host option (pg *308*) can be found
here:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
Chapter 15, pg 307 was about the multiple-host options AFAICT.
That can be found here:
http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
Amos
