Jay Rouman wrote:
>
> I'm using squid to provide filtered access (squidGuard) in a K-12
> environment. For historical reasons (CERN) we have squid running on
> port 80. I wish we had not done this, but it's painful to change all
> the clients. Anyhow, our "real" web server runs on port 81 of the same
> machine. squid-1.NOVM.20 works like a champ, but I have been unable to
> figure out how to move to a more modern version. I always get an "Access
> Denied" error when a client tries to access the accelerated web server
> on port 80. Duane and Henrik gave me some suggestions earlier, but
> apparently did not use small enough words for my bear brain.
Ok, lets try again ;-)
If you are running Squid as both an accelerator and proxy then you need
a redirector script to rewrite proxied requests similar to how Squids
accelerator functions rewrite accelerated request, or configure your
browsers to go direct for your accelerated server (the no-proxy field in
the browser proxy settings)
A proxied request looks like
GET http://www.your.domain/path/to/file HTTP/1.0
while an non-proxy request (to be accelerated) looks like
GET /path/to/file HTTP/1.0
When Squid receives an non-proxy request it uses the httpd_accel*
settings to reconstruct a full URL.
GET http://httpd_accel_host:httpd_accel_port/path/to/file HTTP/1.0
This is however not done if the request includes a full URL from the
beginning.
What you need if you want your clients to be able to proxy to your
accelerated server is a redirector script that rewrites
http://www.your.domain/path/to/file to
http://httpd_accel_host:httpd_accel_port/path/to/file, or Squid will
wrongly try to request the object from itself and then deny the request
since it is making a request loop.
Example script:
#!/usr/bin/perl -p
$|=1;
s%http://www.your.domain(:80)?([/ ])%http://www.your.domain:81$2%i;
-- Henrik Nordstrom Squid hackerReceived on Wed Oct 20 1999 - 16:39:42 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:00 MST