On 4/03/2017 4:58 a.m., sothy shan wrote: > I changed the configuration > ++++++++++++++++++++++++++++++++++++ > http_port 192.168.1.69:80 accel defaultsite=www.AAAAA.com > cache_peer 192.168.1.31 parent 80 0 no-query originserver > > > http_access allow all > ++++++++++++++++++++++++++++++++++++++++++ > It worked well now for HTTP reverse proxy. "allow all" is *BAD*. Your server just delivered successful relayed responses when I asked it for google.com, example.com and some other domains which do not belong to you. It is an open-proxy, not a reverse-proxy. You should know what domains your system is serving and keep the dstdomain ACL to allow only that traffic through the proxy. My point earlier was that you need to choose your method of configuring the Squid ports. Either use the -a command option, or http_port. Do not use both for the same port number. I suggest removing the -a use, since it cannot be used to configure reverse-proxy port options. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
