On 20/10/2015 6:57 a.m., Sebastien.Boulianne wrote: > If I replace the "acl cpuwebacl dstdomain www.cpu.qc.ca" by "acl cpuwebacl dstdomain cpu.qc.ca", I got a error 404**** > I think I see where the confusion is coming from. We need to teach you both how dstdomain and proxying works. * Lets start with dstdomain. This line: acl cpuwebacl dstdomain cpu.qc.ca ... matches *only* the http://cpu.qc.ca/ requests. This line: acl cpuwebacl dstdomain www.cpu.qc.ca ... matches *only* the http://www.cpu.qc.ca/ requests. Because the values in the dstdomain are *exact* domain FQDN. This line: acl cpuwebacl dstdomain .cpu.qc.ca .. matches any request for cpu.qc.ca *and* for any sub-domain such as www.cpu.qc.ca, helloworld.cpu.qc.ca, etc. Because the '.' prefix makes it a wildcard match. So what you have been doing is switching the ACL from accepting the main domain FQDN and its www.* subdomain. But not both at once. * Secondly, proxying. The purpose of the proxy is to pass on the client request as transparently as possible. Note that "transparent" here has the literal meaning of transparency. As in the request received is almost exactly what gets passed on. I suspect that TMG did not proxy the requests but interpreted and translated a request for the main FQDN to www.*, or vice versa. Squid does not do that. Squid passes the *actual* client request URL to the origin server and expects that server to be fully aware of the URLs it is serving up. If your origin server is broken and cannot handle the real client requests, there are workarounds. But the best thing is to fix the server so it will work propery regardless of a proxy being in front. So lets try that first. As Anthony mentioned the 404 is coming from the origin. Find out why and fix it, or if its okay ignore it. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
