Re: Access Denied on 2.2STABLE5 w/accel and proxy

From: Henrik Nordstrom <>
Date: Wed, 20 Oct 1999 23:56:54 +0200

Jay Rouman wrote:
> I'm using squid to provide filtered access (squidGuard) in a K-12
> environment. For historical reasons (CERN) we have squid running on
> port 80. I wish we had not done this, but it's painful to change all
> the clients. Anyhow, our "real" web server runs on port 81 of the same
> machine. squid-1.NOVM.20 works like a champ, but I have been unable to
> figure out how to move to a more modern version. I always get an "Access
> Denied" error when a client tries to access the accelerated web server
> on port 80. Duane and Henrik gave me some suggestions earlier, but
> apparently did not use small enough words for my bear brain.

Ok, lets try again ;-)

If you are running Squid as both an accelerator and proxy then you need
a redirector script to rewrite proxied requests similar to how Squids
accelerator functions rewrite accelerated request, or configure your
browsers to go direct for your accelerated server (the no-proxy field in
the browser proxy settings)

A proxied request looks like

GET http://www.your.domain/path/to/file HTTP/1.0

while an non-proxy request (to be accelerated) looks like

GET /path/to/file HTTP/1.0

When Squid receives an non-proxy request it uses the httpd_accel*
settings to reconstruct a full URL.

GET http://httpd_accel_host:httpd_accel_port/path/to/file HTTP/1.0

This is however not done if the request includes a full URL from the

What you need if you want your clients to be able to proxy to your
accelerated server is a redirector script that rewrites
http://www.your.domain/path/to/file to
http://httpd_accel_host:httpd_accel_port/path/to/file, or Squid will
wrongly try to request the object from itself and then deny the request
since it is making a request loop.

Example script:

#!/usr/bin/perl -p
s%http://www.your.domain(:80)?([/ ])%http://www.your.domain:81$2%i;

Henrik Nordstrom
Squid hacker
Received on Wed Oct 20 1999 - 16:39:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:00 MST