Re: [SQU] Host header munging?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 30 Oct 2000 07:55:49 +0100

Mike Suter wrote:

> Assuming www.domain42.com translates to 192.168.100.1, along with
> www.domain{40..41}.com, the redirector rewrites 192.168.100.1 to
> virthost.inside.com, which is doing host-header hosting.

Now I don't follow you.

What does the redirector do when www.domain42.com is requested? Are
you saying that your redirector in such case receives 192.168.100.1 and
then rewrites it to virthost.inside.com? In such case your accelerator
is not at all capable of handling virtual domains due to not having
enabled Host header support in Squid (httpd_accel_uses_host_header).

> I didn't try having the redirector not translate these host-header
> virt domains (and just letting split DNS take care of it) - maybe
> that's an answer - but I figured turning redirect_rewrites_host_header
> off would prevent this from being a factor..?

If there is a host header then "redirect_rewrites_host_header off" is
not supposed to touch it on redirected requests, with the danger of
inconsistencies between the requested URI and the Host header. So you
better not use that option together with httpd_accel_and_proxy, or a
malicious user can easily transfer pages from one virtual host to
another in the cache.

As I previously said my recommended setup is letting DNS (or /etc/hosts)
find the path to the real server, and not having Squid rewrite the URL
more than what is required to support requests without a Host header or
using raw IPs (http://192.168.100.1) (both are handled internally using
the raw IP where the request was received).

If http://www.example.com/ is requested then let the accelerator process
this as a request for www.example.com the whole way to contacting the
backend server.

If http://192.168.100.1/ is requested then have the redirector rewrite
this to the primary host/domain on that external IP. Do not rewrite to
the backend host name even if redirect_rewrites_host_header is off as
the redirected name will still be used for the Host header on requests
that did not have a Host header.

And it is entirely possible that "redirect_rewrites_host_header off" is
not working at all. Not that I would be terribly sorry if so is the case
as the option is awfully hard to configure correctly without getting you
into trouble with Host header virtual domains. I see only two setups
where the option is useful:

a) When you are using a split DNS namespace where the backend server
domains are named differently than the external domains.
example: www.example.com -> example.internal.com , www.example2.com ->
example2.internal.com

b) When you are using a redirector based on the url_path to make a
purely virtual site that only exists in the accelerator. The actual
content is split on different backend servers, but externally all are
visible under the same name. All this while the backend servers are
virtual host aware and must receive the official name to function
properly (might be CGI scripts, server generated redirects or whatever
making use of the host name in the output).

--
Henrik Nordstrom
Squid Hacker
Received on Mon Oct 30 2000 - 00:14:53 MST
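
An added illustration of the setup recommended in the message above (not code from the post or from the Squid project): a redirector helper that rewrites only raw-IP requests to the primary public name on that IP and leaves named virtual hosts untouched, so the URL used as cache key and the Host header sent to the backend stay consistent. It assumes the classic line-based redirector interface (URL as the first whitespace-separated field, an empty reply meaning "no change") and a constructed `PRIMARY_HOST` table in which www.domain42.com is taken as the primary name.

```python
#!/usr/bin/env python3
import sys
from urllib.parse import urlsplit, urlunsplit

# Constructed mapping: external IP -> primary *public* host name on that IP.
# Assumption: www.domain42.com is the primary site. The backend name
# (virthost.inside.com) is deliberately absent: rewriting to it would put the
# backend name into the Host header of requests that arrived without one.
PRIMARY_HOST = {"192.168.100.1": "www.domain42.com"}


def rewrite(url):
    """Return the replacement URL, or "" to tell Squid to leave it unchanged."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:          # malformed port or bracketed address
        return ""
    if parts.scheme != "http" or host is None:
        return ""
    primary = PRIMARY_HOST.get(host)
    if primary is None:
        # Named virtual host: pass through; DNS or /etc/hosts on the
        # accelerator resolves it to the real server.
        return ""
    netloc = primary if port in (None, 80) else "%s:%d" % (primary, port)
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def handle_line(line):
    """Process one redirector input line: 'URL client/fqdn ident method'."""
    fields = line.split()
    return rewrite(fields[0]) if fields else ""


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()      # Squid waits for one reply per request line


if __name__ == "__main__":
    main()
```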