On Sat, 15 Jan 2005, Chow mae wrote:
> Now the question is: if I use http_accel_uses_host_header on, and the squids
> have the real IPs in /etc/hosts for logo1-4, then the squids should just be
> able to hit each of the origin servers on the backend fine, assuming that the
> requests have host headers for logo1-4, correct ?
Correct.
But you should also set up proper access controls in http_access limiting
to which destinations the proxy will allow requests. If not it can easily
be abused to reach other sites..
An alternative method is to tell Squid about each web server using
cache_peer, control which requests gets sent where with cache_peer_access
and force Squid to use the peers via never_direct. This gives you better
control over how Squid distributes the load on the web servers, for
example if you have multiple backend servers for the same content.
> and would there be anything special about having the squid pool take the
> incoming requests on one interface/IP (seen by the load balancer), and having
Squid doesn't care much about what your network layout looks like, as long
as it is a valid network that can be used for TCP/IP communication. So as
long as you make sure the routing etc is correctly set up Squid will work
fine.
Regards
Henrik
Received on Mon Jan 17 2005 - 03:18:20 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST