Re: Re: https bypass squid cache in reverse proxy mode

On 01/05/11 15:41, Gary K wrote:
> Hi Amos,
>
> Thank you for your reply!
> Any method when received http go to squid cache, when received https
> redirect to web server directly?


Multiple concepts clash in your statement...
 "squid cache" -> storage component of Squid
 "redirect" -> HTTP 301, 302, 303 or 307 message
 "web server direct" -> use global DNS to locate web service


The config I gave you earlier prevents Squid proxy using Squid cache component to service the HTTPS requests.


Reverse proxy HTTPS can redirect to web server HTTP with:
  acl HTTPS proto HTTPS
  deny_info http://example.com/ HTTPS
  http_access deny HTTPS


Making Squid reverse proxy go direct to web servers instead of using cache_peer is unsafe. Normal reverse proxy configuration has cache_peer entries to pass the requests to web servers without using global DNS.



Reading between the lines I suspect you mean passing HTTP traffic to Squid and HTTPS not to Squid?

 Reverse proxy has global DNS pointing a whole domain at Squid IP. You can:
 (at DNS level) configure with a different domain
   (i.e. http://www.example.com/ and https://ssl.example.com/)
 OR
 (at packet level) forward/route port 443 from Squid box to the web server box instead of configuring squid https_port.
 OR
 (at service level) have Squid listening on port 80 and web server on port 443 on the Squid box.


Any of this helpful?

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1
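
Added example, not part of the original message and not the poster's own configuration: a squid.conf fragment combining the HTTPS redirect lines from the reply with the cache_peer arrangement it describes. The hostnames, the 192.0.2.10 origin address, the peer name and the certificate paths are placeholders assumed for illustration.

```conf
# Added example. example.com, 192.0.2.10, origin_http and the certificate
# paths are placeholders, not values from the thread.

# Listen as a reverse proxy (accelerator) for the site on both ports.
http_port 80 accel defaultsite=www.example.com
https_port 443 accel cert=/path/to/cert.pem key=/path/to/key.pem defaultsite=www.example.com

# Origin web server addressed by fixed IP. Squid passes requests to it
# without consulting global DNS, which points the domain at Squid itself.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin_http

acl our_site dstdomain www.example.com
acl HTTPS proto HTTPS

# From the reply: HTTPS requests are denied, and deny_info turns the
# denial into a redirect to the HTTP site instead of an error page.
deny_info http://example.com/ HTTPS
http_access deny HTTPS

# Serve only our own site; refuse everything else.
http_access allow our_site
http_access deny all

# Send our site's requests to the peer and never fetch direct,
# so a forged Host header cannot steer Squid to an arbitrary server.
cache_peer_access origin_http allow our_site
cache_peer_access origin_http deny all
never_direct allow all
```

`squid -k parse` checks the file for syntax errors before the running proxy is reconfigured.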

