Reverse-proxy

From: Joao Neves <joao@dont-contact.us>
Date: Mon, 20 Mar 2000 11:13:01 -0300

Hi all,

I've been running squid as a proxy / transparent proxy for our office
for some time with no problems. The squid box is running Mandrake 6.1
with kernel 2.2.14, and is also running IPCHAINS to connect us to the
internet.

I would like to use squid to do reverse proxying for our web servers
(two of them) which are located in our dmz, as well as continuing to do
proxying for the office. I set up redirectors to our web servers and
they worked fine for everyone in the office, but not for outsiders. I
therefore created an ACL for outside world allowing access to squid in
order to redirect to our servers.

The problem is: when connecting from the outside (I tested using a
dial-up connection and Apache's "It Worked" screen) squid redirects
great a couple of times and then starts giving 'connection refused'
errors. I screened all log files and found that while the mime type is
'TEXT/HTML' or something like it, everything's fine. Sometimes the mime
type is logged as " -- ", the connection is refused, and it doesn't even
get sent to the redirector. No packets are denied in our ipchains (I've
been logging EVERYTHING).

Our network is as follows:
    Office: 192.168.109.x and 192.168.21.x subnet
    DMZ: 192.168.3.x subnet
    The squid-box routes everything and has a valid IP address as well.

Here's my squid.conf:
http_port 3128
http_port 8080
debug_options ALL,2
dns_defnames on
redirect_program /usr/local/squirm/bin/squirm
redirect_children 10
redirect_rewrites_host_header on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i .gif$ 4320 90% 8640
refresh_pattern -i .jpg$ 4320 90% 8640
refresh_pattern -i .jpeg$ 4320 90% 8640
refresh_pattern . 0 60% 4320
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
forwarded_for off
icp_hit_stale on
prefer_direct on

Any ideas on how to get my reverse-proxy working ???

TIA, Joao
Received on Mon Mar 20 2000 - 07:19:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:18 MST