Re: Squid as Reverse Proxy with Parent Proxy, http inbound and https outbound


Gotcha - I'll upgrade to 5 shortly, but I don't think that's affecting my confusion.

Thanks for your nitpick, I think it's actually part of the key. I followed your suggestion, trying the parent cache_peer just on http, with the following squid.conf.

http_port 80 accel
cache_peer 10.60.4.178 parent 3128 0 no-query no-digest name=forward
request_header_add Joel Joel

# Simplified acl
http_access allow all
cache_peer_access forward allow all

# Misc
shutdown_lifetime 1 seconds
debug_options ALL,6

I upped the log level and followed how squid transformed the request, and saw it change

GET / to
GET its-own-hostname/

based on the Host header on the incoming request, as you pointed out. 

The first problem is, the parent proxy doesn't know how to resolve that host - it rejects the request with "Invalid URL". I need the reverse proxy to rewrite both the host header and url to their correct target values for the parent proxy.

I tested this via telnet to the parent proxy (since I'm still struggling to get squid url rewriting working, will try that more later). When I sent

GET http://target-hostname/ HTTP/1.1
User-Agent: curl/7.68.0
Accept: */*
Host: target-hostname
Via: 1.1 ip-10-60-4-103 (squid/3.5.27)
Surrogate-Capability: ip-10-60-4-103="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 10.40.0.194
Cache-Control: max-age=259200
Connection: keep-alive
Joel: Joel

it works, but if I try https I get "Unsupported Request Method and Protocol" (it so happens that the parent proxy is also a squid in this case). I think this is expected, as the request above (https from proxy to proxy, on behalf of http client) should have been a CONNECT followed by the GET once the tunnel was established.

So: is squid capable of receiving the GET / to itself, sending a CONNECT /target-hostname to the parent proxy, negotiating that connection and then returning the result to the client? Obviously when it's functioning as a forward proxy it can receive CONNECTs and handle them, but this is the "flip" I'm still struggling with. 

Thanks so much for your time, I'm learning this as I go and you've been very helpful.

--

Joel Howard
Software Technical Lead
jhoward@xxxxxxxxxxxxxxxx | (330) 209-5779


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
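
Added example, not part of the original message and not Squid code: a sketch of the two on-the-wire sequences the message describes, built from the origin-form request the accelerator receives. For an http target the parent gets an absolute-form GET with the Host header rewritten; for an https target it gets a CONNECT, and the GET travels only inside the tunnel. The function names, channel labels and sample request are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: what the accelerator receives from the client.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: its-own-hostname\r\n"
          b"User-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n")

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers

def build(method, target, version, headers):
    """Serialise a request head back to bytes."""
    lines = [f"{method} {target} {version}"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")

def via_parent(raw: bytes, target_url: str):
    """Return the ordered (channel, bytes) messages needed to reach target_url
    through a parent proxy. The path is taken from the client's request."""
    method, path, version, headers = parse_request(raw)
    if not path.startswith("/"):
        raise ValueError("expected an origin-form request-target from the client")
    url = urlsplit(target_url)
    if url.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: " + url.scheme)
    default = 80 if url.scheme == "http" else 443
    port = url.port or default
    host = url.hostname if port == default else f"{url.hostname}:{port}"
    # Rewrite Host from the accelerator's own name to the real target.
    headers = [(k, host if k.lower() == "host" else v) for k, v in headers]
    if not any(k.lower() == "host" for k, _ in headers):
        headers.insert(0, ("Host", host))
    if url.scheme == "http":
        # Absolute-form request-target: the only form a forward proxy can route.
        return [("plaintext-to-parent",
                 build(method, f"http://{host}{path}", version, headers))]
    # https: authority-form CONNECT first; the GET is sent only after the parent
    # answers 200 and a TLS handshake with the origin completes in the tunnel.
    authority = f"{url.hostname}:{port}"
    return [("plaintext-to-parent",
             build("CONNECT", authority, version, [("Host", authority)])),
            ("inside-tls-tunnel", build(method, path, version, headers))]

if __name__ == "__main__":
    for scheme in ("http", "https"):
        for channel, msg in via_parent(SAMPLE, f"{scheme}://target-hostname/"):
            print(channel, msg)
```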
