Re: Accelerator OR redirector?

From: John Sloan <johns@dont-contact.us>
Date: Mon, 11 Jan 1999 14:16:00 +0000 (GMT)

On Thu, 24 Dec 1998, Al Blake wrote:

> We have been running squid 1.1.9 for over a year as a proxy caching server.
> It has worked perfectly in this role and makes the best use of the limited
> bandwidth we have available in the South Pacific. squid is currently running
> on port 8000 for its http connections between it and the internal clients.
> We now need to publish some internal pages that reside on different hosts to
> the outside world. These hosts do not figure in the external dns and cannot
> be accessed directly from outside.
>
> I would like to use the squid box to do this but despite reading the FAQ and
> searching the net I am still confused as to the simplest way to set this up.
> In summary we currently have:
>
> proxy.org.nc - squid proxy cache (port 8000)
>
> mail.org.nc - internal mail host with Web access (port 80)
> other.org.nc - internal host with web pages required to be published
> externally.(port 80)
>
> Would I be best to use:
> a) Squid as an accelerator OR
> b) a redirector

The two are essentially the same thing. See below.
 
> to provide access to the internal hosts. If I use squid as an accelerator,
> how do I ensure that squid accepts port 80 connects from the outside world
> but only connects them to specified permitted URLs on the internal hosts?
> If I use a redirector how do I ensure that it is available on port 80
> (externally).
>
> I am totally confused despite thinking that I understood squid!
>
> Help..........

I suggest you don't try to make one copy of squid do everything. (I'm
fairly sure it's not possible in any case). Assuming you set up a fresh
copy of squid on the appropriate external host, set it up as a
redirector/accelerator as follows:

1. Set the listening port to port 80
2. Define an external program as a redirector using the redirect_program
tag.

This redirect program doesn't need to be anything complex. All it needs
to do is take in URLs on STDIN and pump out URLs on STDOUT. We use a
simple perl script.

The URLs which are returned should be for the backend servers.

Access control can be done at two places. Firstly, you could block access
from the squid accelerator to the backend websites for pages which
shouldn't be seen. Secondly, you can do it on the accelerator itself by
appropriate rewrite rules in the redirector (rewrite any invalid
request to an error page for instance) and/or acls in squid.conf.

You won't need a lot of cache for an accelerator. We have approx 12G of
webpages being served by a 1G accelerator which gets 85+% hitrate by both
number of hits and bytes served.

John
Received on Mon Jan 11 1999 - 07:26:26 MST
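
Added example (not part of the original message, and written in Python rather than the Perl script John mentions): a redirector of the kind described above that reads request lines on STDIN, writes backend URLs on STDOUT, and rewrites anything outside an allow-list to an error page. The public hostname, the error page URL and the published path prefixes are hypothetical; the backend hosts are the ones named in the thread, and the script assumes the requested URL is the first whitespace-separated field of each input line.

```python
#!/usr/bin/env python3
"""Fail-closed Squid redirector: request lines on stdin, rewritten URLs on stdout."""
import sys
from urllib.parse import unquote, urlsplit

# Hypothetical public name and error page (not from the thread).
PUBLIC_HOST = "www.example.org"
ERROR_URL = "http://www.example.org/denied.html"
# Published path prefix -> internal backend. Prefixes are assumptions;
# the backend hosts are the ones named in the original question.
ROUTES = {
    "/mail/": "http://mail.org.nc",
    "/pub/": "http://other.org.nc",
}


def rewrite(line: str) -> str:
    """Map one redirector input line to a backend URL, or to ERROR_URL."""
    fields = line.split()  # first field is the URL; the rest is ignored
    if not fields:
        return ERROR_URL
    try:
        url = urlsplit(fields[0])
        port = url.port  # raises ValueError on a malformed port
    except ValueError:
        return ERROR_URL
    # Only plain http to the published name, on the default port.
    if url.scheme != "http" or url.hostname != PUBLIC_HOST or port not in (None, 80):
        return ERROR_URL
    if url.username is not None:  # no user@host tricks
        return ERROR_URL
    # Decode once, then refuse dot segments, backslashes and anything still
    # percent-encoded, so a request cannot climb out of its published prefix.
    path = unquote(url.path)
    if "%" in path or "\\" in path or any(s in (".", "..") for s in path.split("/")):
        return ERROR_URL
    for prefix, backend in ROUTES.items():
        if path.startswith(prefix):
            query = "?" + url.query if url.query else ""
            return backend + url.path + query
    return ERROR_URL  # default deny: unknown paths never reach a backend


if __name__ == "__main__":
    for line in sys.stdin:
        # Squid waits for one answer per request, so flush every line.
        print(rewrite(line), flush=True)
```

The check is deliberately strict: a legitimate URL containing a literal percent sign after decoding is also refused, which is the safer failure for an externally exposed accelerator.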
