On 26.01.2012 13:21, Henrik Nordström wrote:
Wed 2012-01-25 at 08:50 -0800, Luc Igert wrote:
Hi Amos, and thanks a lot for your answer. I forgot to say I’m running as a
Reverse Proxy with multiple backends, Squid 3.1.
What’s confusing for me is the fact that www.xxx.ch is working, while
backup.xxx.ch or wbbltest.xxx.ch aren’t.

So what cache_peer and cache_peer_access/cache_peer_domain rules do you have?

Three properly configured cache_peer, with unique cache_peer_domain and
a vhost port.

http_access allow manager localhost
http_access allow manager localnet
http_access allow localnet
http_access allow localhost
http_access allow manager
http_access deny !Safe_ports

This might be part of the problem. Reverse-proxy traffic does not work
well behind forward-proxy security limitations.

...
http_port 80 accel defaultsite=backup.XXX.ch vhost
cache_peer 172.17.2.30 parent 80 0 no-query no-digest originserver name=mysite1
cache_peer 172.17.2.32 parent 80 0 no-query no-digest originserver name=mysite2
cache_peer 172.17.2.116 parent 80 0 no-query no-digest originserver name=mysite3
cache_peer_domain mysite1 www.XXX.ch
cache_peer_domain mysite2 wbbltest.XXX.ch
cache_peer_domain mysite3 backup.XXX.ch
acl my_site1 dstdomain www.XXX.ch
acl my_site2 dstdomain wbbltest.XXX.ch
acl my_site3 dstdomain backup.XXX.ch
acl myaccelport port 80
acl myaccelport2 port 8080
http_access allow my_site1 myaccelport
http_access allow my_site2 myaccelport
http_access allow my_site3 myaccelport2

This last rule might be the issue with backup.*. Expecting traffic on
port 80 to be received with port value 8080. To pass that ACL requires
the sending client to violate HTTP specifications, sending "Host:
backup.XXX.ch:8080" when the host authority is actually
"backup.XXX.ch:80".

It could also be a dead peer (or firewall) issue since wbbltest.* is
breaking too. Or broken origin server configuration.

Amos
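
Added example, not part of the original thread and not Squid code: a simplified Python model of first-match http_access evaluation over the three reverse-proxy rules posted above, showing which Host headers satisfy the dstdomain and port ACLs. It assumes the client matches none of the earlier localnet/localhost/manager rules, that the elided "..." lines match nothing, and that a Host header without a port means the listening port 80; the function names are hypothetical.

```python
# Added illustration: first-match evaluation of the http_access rules quoted
# in the thread. ACL names and values are copied from the posted squid.conf;
# the evaluator is a simplified model (assumption), not Squid's implementation.

ACLS = {
    "my_site1": ("dstdomain", "www.xxx.ch"),
    "my_site2": ("dstdomain", "wbbltest.xxx.ch"),
    "my_site3": ("dstdomain", "backup.xxx.ch"),
    "myaccelport": ("port", 80),
    "myaccelport2": ("port", 8080),
}

# http_access lines in posted order: (action, ACL names that must ALL match).
RULES = [
    ("allow", ["my_site1", "myaccelport"]),
    ("allow", ["my_site2", "myaccelport"]),
    ("allow", ["my_site3", "myaccelport2"]),
]

def parse_host(host_header, listen_port=80):
    """Split a Host header into (domain, port); no port means the listening port."""
    host, sep, port = host_header.strip().lower().partition(":")
    return host, int(port) if sep else listen_port

def acl_matches(name, domain, port):
    """Evaluate one named ACL against the request's domain and port."""
    kind, value = ACLS[name]
    return domain == value if kind == "dstdomain" else port == value

def http_access(host_header):
    """Return (decision, index of the deciding rule or None) for this Host header."""
    domain, port = parse_host(host_header)
    for index, (action, names) in enumerate(RULES):
        if all(acl_matches(n, domain, port) for n in names):
            return action, index
    # No line matched: Squid applies the opposite of the last line's action.
    default = "deny" if RULES[-1][0] == "allow" else "allow"
    return default, None

if __name__ == "__main__":
    # Constructed Host headers for the three sites named in the thread.
    for h in ("www.XXX.ch", "wbbltest.XXX.ch", "backup.XXX.ch", "backup.XXX.ch:8080"):
        print(f"{h:20} -> {http_access(h)}")
```

In this model wbbltest.XXX.ch on port 80 is allowed by the second rule, so its failure has to come from something other than these ACLs, while backup.XXX.ch on port 80 matches no allow line.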