On 28/04/2015 4:10 a.m., Brent Newland wrote: > x-post > http://www.reddit.com/r/sysadmin/comments/340f36/trying_to_setup_squid_as_a_ > reverse_proxy_works/ > > At this point, I've trimmed my Squid config down to: > > http_access allow all > cache_peer 127.0.0.1 parent 8084 0 no-digest no-query originserver > name=mywebsite > cache_peer_domain mywebsite beta.mywebsite.com > coredump_dir /var/cache/squid > dns_nameservers 8.8.8.8 208.67.222.222 Well I guarantee thats not all, because there is at least a http_port line to receive traffic. > > As for my server configuration, I'm on Windows Server 2008 R2 running Squid > 3.5 from http://squid.diladele.com/ Squid is a reverse proxy for a PHP > process running the PHP built-in webserver on port 8084. The issue does not > happen when the PHP webserver is on port 80, so I'm 99% sure the problem > isn't coming from there. > ... > > In the access log I get: > This is the loop being rejected. > 1430122290.530 1 192.168.10.1 TCP_MISS/403 5050 > POST http://beta.mywebsite.com/wp-login.php[3] - HIER_NONE/- text/html This is the first request. > 1430122290.532 17 69.146.194.21 TCP_MISS/403 5119 > POST http://beta.mywebsite.com/wp-login.php[4] - HIER_DIRECT/12.34.56.78 > text/html Notice how its going DIRECT. Reverse-proxy traffic has an automatic block on going direct as an option because the DNS entries are pointing at the proxy that is currently serving the request - guaranteeing that this loop will occur if DIRECT / DNS is used. That POST request entered your proxy without going through the reverse-proxy "accel" mode port, OR you have an always_direct line forcing this traffic to go direct when it must not. Instead of using the deprecated cache_peer_domain. Try this instead: acl mywebsite dstdomain beta.mywebsite.com cache_peer_access mywebsite allow mywebsite Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
