And if doesn't do the proper HTTP CONNECT, is there any way I can make squid to use HTTP CONNECT and establish a proxy channel? The reason I ask is because we use HTTP BasicAuth with the origin server and it needs to be encrypted end-to-end.
Thanks again,Hector
On Fri, Nov 21, 2014 at 4:15 PM, Hector Chan <hectorchan@xxxxxxxxx> wrote:
Would squid do the proper HTTP CONNECT before forwarding the request there ?Thanks,
HectorOn Thu, Nov 13, 2014 at 10:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 14/11/2014 6:22 p.m., Hector Chan wrote:
> Hi Amos,
>
>> those lines you specify above go in (C). *if* they are needed at
>> all.
>
> But I don't have control over (C). It's off limits.
Then you have to trust that the admin in charge of it set it up right.
>
>> In (B) goes:
>>
>> cache_peer forward-proxy.example.com parent 3128 0 name=C
>>
>> acl sendToC dstdomain origin-x.example.com origin-y.example.com
> origin-z.example.com
>> cache_peer_access C sendToC
>
> The requests reaching (B) (reverse-proxy.example.com) are in the
> form: http://reverse-proxy.example.com/goto-origin-x
> http://reverse-proxy.example.com/goto-origin-y
> http://reverse-proxy.example.com/goto-origin-z
>
> and I have a couple of cache_peer_access acls (urlpath regex) to
> send them to origin-x, origin-y, and origin-z. How would the above
> dstdomain acl work with these rules?
You have now stopped using HTTP and started using some strange
URL-embeded protocol.
An HTTP proxy cannot help you there. You require a proxy that
understands and acts on the URL-embeded protocol messages.
It is possible to extend Squid with URL-rewrite helpers that can
translate it into different HTTP URL for passing to (C). BUT, there is
no guarantee of what origin (C) will use to fetch that resource. You
have to *trust* that (C) uses the origin best suited to any request
that it is given, according to the criteria its own admin has set for
"best".
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUZaKVAAoJELJo5wb/XPRjdpQH/iBh1HQcAZQr0gqK7FS8nZ9x
v0fzAOx/L0HCG5MTT7drwvvEVltxMRYoVniM8VJSqUw3cFAlI+2VEScIr3oOFjcr
qAdjxyjer7sxVgmQM80Oa+n40RK7mvZejvhEV9/0Gc0XTmAjL3PrBptKpumslhVh
rq40LUX50rg5xaAfA02WCy4mYS99uH7qBABWIXeeESVdvGLVRTaTlthqaKW8JTFh
pjmS9OKVnk5CeEi6cyJ8VV7edBOgv2rpgUH8Wjap66mmIjVHq8alNU53obRAMk7p
Pd/bPfPFERnoBymbYmYfFBd3Mfddgc49Wpz9gggAWgXE8bq6CbXQHpj5GvUayaE=
=mS+q
-----END PGP SIGNATURE-----
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
