Gotcha - I'll upgrade to 5 shortly, but I don't think that's affecting my confusion.
GET / to
GET its-own-hostname/
based on the Host header on the incoming request, as you pointed out.
Thanks so much for your time, I'm learning this as I go and you've been very helpful.
--
Thanks for your nitpick, I think it's actually part of the key. I followed your suggestion, trying the parent cache_peer just on http, with the following squid.conf.
http_port 80 accel
cache_peer 10.60.4.178 parent 3128 0 no-query no-digest name=forward
request_header_add Joel Joel
# Simplified acl
http_access allow all
cache_peer_access forward allow all
# Misc
shutdown_lifetime 1 seconds
debug_options ALL,6
I upped the log level and followed how squid transformed the request, and saw it change
http_port 80 accel
cache_peer 10.60.4.178 parent 3128 0 no-query no-digest name=forward
request_header_add Joel Joel
# Simplified acl
http_access allow all
cache_peer_access forward allow all
# Misc
shutdown_lifetime 1 seconds
debug_options ALL,6
I upped the log level and followed how squid transformed the request, and saw it change
GET / to
GET its-own-hostname/
based on the Host header on the incoming request, as you pointed out.
The first problem is, the parent proxy doesn't know how to resolve that host - it rejects the request with "Invalid URL". I need the reverse proxy to rewrite both the host header and url to their correct target values for the parent proxy.
I tested this via telnet to the parent proxy (since I'm still struggling to get squid url rewriting working, will try that more later). When I sent
GET http://target-hostname/ HTTP/1.1
User-Agent: curl/7.68.0
Accept: */*
Host: target-hostname
Via: 1.1 ip-10-60-4-103 (squid/3.5.27)
Surrogate-Capability: ip-10-60-4-103="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 10.40.0.194
Cache-Control: max-age=259200
Connection: keep-alive
Joel: Joel
GET http://target-hostname/ HTTP/1.1
User-Agent: curl/7.68.0
Accept: */*
Host: target-hostname
Via: 1.1 ip-10-60-4-103 (squid/3.5.27)
Surrogate-Capability: ip-10-60-4-103="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 10.40.0.194
Cache-Control: max-age=259200
Connection: keep-alive
Joel: Joel
it works, but if I try https I get "Unsupported Request Method and Protocol" (it so happens that the parent proxy is also a squid in this case). I think this is expected, as the request above (https from proxy to proxy, on behalf of http client) should have been a CONNECT followed by the GET once the tunnel was established.
So: is squid capable of receiving the GET / to itself, sending a CONNECT /target-hostname to the parent proxy, negotiating that connection and then returning the result to the client? Obviously when it's functioning as a forward proxy it can receive CONNECTs and handle them, but this is the "flip" I'm still struggling with.
Thanks so much for your time, I'm learning this as I go and you've been very helpful.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
