RE: [squid-users] HTTPS &Reverse proxy from Kieran Skinner on 2001-04-20 (squid-users)

From: Kieran Skinner <kieran.skinner@dont-contact.us>
Date: Fri, 20 Apr 2001 12:51:25 +0100

Reverse Proxy it shall be then.

I've tried the idea of using DNS to do the redirection for you and it works.
Unfortunatly in my setup I want to authenticate bassed on username and
destination URL. So because the standard HTTP authentication dosen't
involve the URL I need to use a custom redirector..argh! I can't use ACL's
for this feature because there are way to many usernames and the addition
and deletion of usernames if really dynamic - to much hassle to manage. So
unless my suthenticatio nhelper can get URL passed into it I will have to
stick with my custom redirector..oh well.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
Sent: 18 April 2001 21:16
To: Kieran Skinner
Cc: Adam Lang; Squid Users
Subject: Re: [squid-users] HTTPS &Reverse proxy

Kieran Skinner wrote:
>
> So in that situation Squid would act as a kind of transparant proxy,
> accelerator. You could use some redirector to get pages form the
> appropriate server?

Dont mention the word proxy and accelerator in the same sentence
(reverse-proxy is OK). Most people then only see the word proxy and get
on the wrong track of what can or can not be done.

I never use a redirector in accelerators unless I absolutely must to.
Using a redirector is only required if rewriting the URL-path of
requests, or if you are doing IP-based virtual domain acceleration where
Squid listens on multiple IP addresses and needs to send the request to
different backend servers (or virtual domains) depending on which IP it
accepted the request on.

What I do is to use /etc/hosts to map the domain names to the
appropriate backend servers, and have squid configured as:

httpd_accel_host the.main.domain
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
acl backendservers dst ip.of.server.1 ip.of.server.2 ...
acl http protocol http
acl port80 port 80
http_access allow backendservers http port80

Note: I currenly have a short assignment to clean up Squid for reverse
proxy use and allow for some new nice features in backend server load
balancing. For details see http://squid.sourceforge.net/rproxy/. When
this is done the ways you configure Squid as a reverse proxy will have
changed quite a bit to make it more flexible and powerful.

--
Henrik Nordstrom
Squid Hacker

Received on Fri Apr 20 2001 - 05:51:33 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:24 MST