[squid-users] accelerator goes internal from Peña, Botp on 2002-03-10 (squid-users)

From: Peña, Botp <botp@dont-contact.us>
Date: Mon, 11 Mar 2002 14:06:09 +0800

Hi ALL:

I am trying to accelerate an iis server. The iis is connected internally
only but the squid accelerator of course has connected to both internal and
external.

When I browse our site (using squid ip), the first page comes up just fine.
However, when I login or click on other links. I am being passed to the
internal ip of the iis. I cannot access the link since the real ip of the
iis is being passed now to me. I thought that squid should get the page fr
iis, then i or my browser gets page fr squid.

To illustrate:

squid address: 202.57.100.225 external; 10.1.200.1 internal.
iis address: 10.1.200.8 only

a) I browse 202.57.100.225. First page comes up fine and browser address
shows external address 202.57.100.225
b) I login (the iis has a login page), the page and browser address now
shows the internal address 10.1.200.8... which is not what i expected...

Hints pls...

Thanks
-botp

the ff three settings are the only ones i added on squid.conf:

http_port 80
httpd_accel_host 10.1.200.8
httpd_accel_port 80

> -----Original Message-----
> From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
> Sent: Monday, March 11, 2002 12:59 PM
> To: Su -
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Http access control
>
>
> Hi,
>
> On Sun, 10 Mar 2002, Su - wrote:
>
> > Hi
> > I using Squid v2.3. Now i like to control only certain
> > PCs, eg. PC with Ip Address of 192.168.0.4 ,
> > 192.168.0.20 are allowed to access Internet. My
> > network IP address is from 192.168.0.1 -> 192.168.0.50
> > , Subnet 255.255.255.0
> >
> > How can i do so ?
> >
> > I tried this way :
> >
> > #acl allowed_hosts src 192.168.0.0/255.255.255.0
> > acl allowed_hosts src 192.168.0.4/255.255.255.0
> > acl allowed_hosts src 192.168.0.20/255.255.255.0
>
> You have
>
> a) redefined allowed_hosts. The second one overrides the first.
>
> b) masked off the host address with the netmask.
> (192.168.0.4/255.255.255.0 becomes 192.168.0.0, ie
> everything). If you
> look at your logs you'll probably see a message asying that's what
> you've done.
>
> > But when i test , still all PCs able to do so. The
> > result i got, is either deny all PCs, or allow all
> > pCs.
>
> What you want is something like:
>
> acl myfriend1 src 192.168.0.4
> acl myfriend2 src 192.168.0.20
> acl all src 0.0.0.0/0.0.0.0
>
> http_access allow myfriend1
> http_access allwo myfriend2
> http_access deny all
>
> Colin
>
Received on Sun Mar 10 2002 - 23:07:50 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:49 MST