On 12/01/11 19:12, Tim Hill wrote:
Hi
I have been reading through the configuration examples and guides for
the last week since taking the very rash decision to upgrade Squid to
version 3 while building a replacement router/firewall box.
The current machine runs happily under squid 2.4 - using squid to
provide routing to the internal web servers.
What I am unable to find is a config for Squid 3 that replicates the way
I have been running squid.
External connections to the websites are collected in squid, which then
uses the host header to internal DNS where the web server is. The web
servers are all on private IP addresses and only accessible from the
outside world via squid.
The network looks something like this.
Internet => Squid ---- Internal DNS (private)
|
web01 <====> web02
I have been unable to figure out a configuration that works in this manner.
I'd like to also control access so that only websites that are local IP
addresses in the internal DNS are proxied.
At the moment I cannot see a way of getting squid to ask a DNS server
for host location in reverse proxy mode, nor of setting up a subnet as
allowed addresses to proxy ( eg 192.168.1.0/24 )
The reasons behind wanting to work this way is to remove the need for
editing the squid config every time a new website is enabled or the
server the site is on is changed. When a change is made, all that needs
updating is the internal private DNS server.
What you are seeking is:
acl Servers dst ...
http_access allow Servers
always_direct allow Servers
However, note that Squid is now dependent on DNS results and has much
reduced DoS protection against garbage requests.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
