On 16/01/2012 5:36 p.m., Roman Gelfand wrote:
I have setup configuration to forward requests to a backend server... acl dspam urlpath_regex ^/mesg https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport cache_peer host.mydomain.com parent 80 0 no-query originserver name=mail login=PASS cache_peer_access mail allow mail
You have omitted the definition for "mail". I will assume that it is defined right.
cache_peer_access mail deny all never_direct allow !localnet
never_direct is not relevant on reverse-proxy traffic.
http_access allow !localnet
Um, permitting traffic from anywhere *except* LAN? Bit strange. Why not do the usual reverse-proxy config of "http_access allow mail"? it makes no difference to Squid where the traffic comes from so long as it is valid for the peers to receive.
The problem is host mail resolves to mesg.mydomain.com instead of mail.mydomain.com. How can I force the header to be mesg.mydomain.com?
Its not clear why you need to force anything. Surely the server at "host.mydomain.com" has been correctly setup to host all of the FQDN which are passed to it?
Note that what the FQDN resolves to should be the Squid IP address. This resolution is done only by the client and is completely separate to the *textual* FQDN label which remains unchanged when passing through Squid to the server. The config demos show it using dstdomain to test the *textual* FQDN label for acceptible values instead of resolving the IP or other complex things by reason of domain FQDN being the most stable and dependable property of the traffic.
Amos
