Hi Amos, Thank you for your response. The following is is my configuration: http_port 80 accel defaultsite=www.abc.com cache_peer 202.x.x.x parent 80 0 no-query originserver name=myAccel acl our_sites dstdomain www.abc.com cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all acl HTTPS proto HTTPS deny_info http://www.efg.com/ HTTPS http_access deny HTTPS cache_peer 75.x.x.x parent 80 0 no-query originserver name=myserver1 acl sites_myserver1 dstdomain www.efg.com I change my host file in window and connect to http://www.efg.com is no problem and can see the log in /var/log/squid3/access.log. But when i click one of the icon in this site is involved https, no response and I can see any a hit in the log. I know i can use https_port 443 to add the cert in squid. But I want to config this squid server to serve different customers as a cache server and their dns porint to this server. What I want to do is: 1. Cache the http service for different site ( now is OK) 2. if this site involve https service, let the traffice redirect to the original web server ( no solution now). 3. if https_port can support multiple cert for different sites. cache the https sites. (no solution now). Hope you can help. Regards, Gary 2011/5/1 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On 01/05/11 15:41, Gary K wrote: >> >> Hi Amos, >> >> Thank you for your reply! >> Any method when received http go to squid cache, when received https >> redirect to web server directly? >> > > Multiple concepts clash in your statement... > "squid cache" -> storage component of Squid > "redirect" -> HTTP 301, 302, 303 or 307 message > "web server direct" -> use global DNS to locate web service > > > The config I gave you earlier prevents Squid proxy using Squid cache > component to service the HTTPS requests. > > > Reverse proxy HTTPS can redirect to web server HTTP with: > acl HTTPS proto HTTPS > deny_info http://example.com/ HTTPS > http_access deny HTTPS > > > Making Squid reverse proxy go direct to web servers instead of using > cache_peer is unsafe. Normal reverse proxy configuration has cache_peer > entires to pass the requests to web servers without using global DNS. > > > > Reading between the lines I suspect you mean passing HTTP traffic to Squid > and HTTPS not to Squid? > > Reverse proxy has gobal DNS pointing a whole domain at Squid IP. You can: > (at DNS level) configure with a different domain > (ie http://www.example.com/ and https://ssl.example.com/) > OR > (at packet level) forward/route port 443 from Squid box to the web server > box instead of configuring squid https_port. > OR > (at service level) have Squid listening on port 80 and web server on port > 443 on the Squid box. > > > Any of this helpful? > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.12 > Beta testers wanted for 3.2.0.7 and 3.1.12.1 >
