I made several mistakes in my original post. So, I am rewriting it here... I have setup configuration to forward requests to a backend server... acl mail urlpath_regex ^/mesg https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport cache_peer mail.mydomain.com parent 80 0 no-query originserver name=mail login=PASS cache_peer_access mail allow mail cache_peer_access mail deny all http_access allow mail The problem is host mail resolves to mesg.mydomain.com instead of mail.mydomain.com. How can I force the header to be mesg.mydomain.com? On Mon, Jan 16, 2012 at 12:25 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 16/01/2012 5:36 p.m., Roman Gelfand wrote: >> >> I have setup configuration to forward requests to a backend server... >> >> acl dspam urlpath_regex ^/mesg >> https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost >> vport >> cache_peer host.mydomain.com parent 80 0 no-query originserver >> name=mail login=PASS >> cache_peer_access mail allow mail > > > You have omitted the definition for "mail". I will assume that it is defined > right. > >> cache_peer_access mail deny all >> never_direct allow !localnet > > > never_direct is not relevant on reverse-proxy traffic. > >> http_access allow !localnet > > > Um, permitting traffic from anywhere *except* LAN? Bit strange. Why not do > the usual reverse-proxy config of "http_access allow mail"? it makes no > difference to Squid where the traffic comes from so long as it is valid for > the peers to receive. > > > >> >> The problem is host mail resolves to mesg.mydomain.com instead of >> mail.mydomain.com. How can I force the header to be >> mesg.mydomain.com? > > > Its not clear why you need to force anything. Surely the server at > "host.mydomain.com" has been correctly setup to host all of the FQDN which > are passed to it? > > Note that what the FQDN resolves to should be the Squid IP address. This > resolution is done only by the client and is completely separate to the > *textual* FQDN label which remains unchanged when passing through Squid to > the server. The config demos show it using dstdomain to test the *textual* > FQDN label for acceptible values instead of resolving the IP or other > complex things by reason of domain FQDN being the most stable and dependable > property of the traffic. > > Amos
