On 11/02/18 06:33, Peng Yu wrote: > Hi, > > I see the following blog about setting up a reverse proxy using squid. > > http://derpturkey.com/squid-as-a-reverse-proxy/ > > But there seem to be more configurations than what I need. > > For example, for the following line, I don't need to restrict the > access to a specific domain. > http_port 80 accel defaultsite=www.example.com The above does not *restrict*. It sets a default value for Squid to use when the Host header is missing from HTTP requests. > > Instead, any access to the IP of the reverse proxy should be OK. In > this sense, should I just use the following? > > http_port 80 accel You can if you want to. But be aware that any clients which omit the Host header in their requests will be rejected by the proxy with an error page. > > Also, let's say I have two web servers server1 and server2 to be > proxied. Since I don't use a domain, I am not sure how Step 3 should > be adjusted. By using other types of ACLs in an arrangement which meets your desired mapping. Please read the FAQ about how ACLs work. That includes a list of different ACLs. <http://wiki.squid-cache.org/SquidFaq/SquidAcl> So far as you have stated that would be "cache_peer ... allow all". Which is a very bad idea... Be aware that the domain based config is itself a security layer to prevent attackers and certain type of DoS reaching through the proxy to attack the peers directly with bogus traffic. Using other types of ACLs, particularly ones leading to "no restriction" like you describe make your proxy and the origins all at risk for denial of service attacks. What is your reason for wanting "no restrictions"? it could be that you actually need something very different to what you are asking about. > > I also do not want any restrictions to my reverse proxy. But I am not > sure how Step 4 should be simplified. > > Could anybody please let me know how to configure squid reverse proxy > in my simplified scenario? That tutorial is describing the simplest scenario possible with a multiple peers in a reverse-proxy. Yours is actually the more complicated scenario since you apparently need some unusual ACL configuration. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
