[squid-users] single host off/ host_header on question

From: Nick Baronian <kvetch@dont-contact.us>
Date: Wed, 24 May 2006 17:09:02 -0400

Hello, I am having some issues with my reverse proxy. I have some
sites that are load balanced between 4 Apache servers. I am testing
using Squid on 2 of the servers to help alleviate the load on calls
back to web-server's app server. Squid is running on port 80 and
Apache on 81 on the same box. There are a handful of Virtual Hosts in
my Apache configuration so I have single host off in my squid.conf. I
also need to pass the host header so the application server can
determine certain info for the building of the page so host_header is
on.
My issue is I get TCP_DENIED on calls to domains that are load
balanced between the 4 servers. Squid works for domains that are in
DNS and pointed directly to that server. As a test I added a couple
of the domains into the server's hosts file and pointed it to itself
and started squid with -D. Doing this makes Squid work properly for
me but adding all my domains into my host file is not really an option
since we have hundreds of domains. With host_headers on and single
host off does Squid do a lookup on each request and try and grab the
page from whatever IP it gets from DNS, even though it is supposed to
pass it to the web server? Do I have something set incorrectly in my
conf file that is blocking my passing the load balanced request to
itself properly?
Below is my conf; I changed my outside interface IP (168.192.2.3) and
my DMZ IP (10.10.21.2).

Thanks,
Nick Baronian

visible_hostname my.webserver.net
cache_effective_user squid
cache_effective_group squid
http_port 80
httpd_accel_host 127.0.0.1
httpd_accel_port 81
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /u01/squidlogs
cache_access_log /u01/squidlogs/access.log
cache_log /u01/squidlogs/cache.log
cache_store_log /u01/squidlogs/store.log
cache_dir ufs /u01/squid 8192 16 256
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 200 KB
request_body_max_size 0 KB
shutdown_lifetime 10 seconds
emulate_httpd_log on
strip_query_terms off

acl all src 0.0.0.0/0.0.0.0
acl dest_addy dst localhost 168.192.2.3 10.10.21.2
acl http proto http
acl ports port 80 81
acl csscall url_regex -i cssindex\.htm
acl cacheman url_regex -i cachemgr
acl HEAD method HEAD
acl purge method purge
acl CONNECT method CONNECT
acl mynets src 168.192.2.1
acl localhost src 127.0.0.1/255.255.255.255

acl bad_paths urlpath_regex -i \.exe\?
acl bad_paths urlpath_regex -i \.dll\?
acl bad_paths urlpath_regex -i \/winnt\/system32\/
acl bad_paths urlpath_regex -i \/_vti_bin\/
acl bad_paths urlpath_regex -i \/scripts\/
acl bad_paths urlpath_regex -i \/perl\/
acl bad_paths urlpath_regex -i \/examples\/
acl bad_paths urlpath_regex -i \/manual\/
acl bad_paths urlpath_regex -i \.pl\?
acl bad_paths urlpath_regex -i \.ida\?
acl bad_paths urlpath_regex -i \.php\?
acl bad_paths urlpath_regex -i \/counter
acl Manager proto cache_object
cache_mgr sysadmin@webserver.net
cache_effective_user squid
cache_effective_group squid
cachemgr_passwd $up3r$3cr3T all

http_access allow HEAD
http_access allow CONNECT
http_access allow purge localhost
http_access allow purge mynets
http_access allow Manager localhost
http_access allow cacheman localhost
http_access allow Manager mynets
http_access allow cacheman mynets
http_access deny Manager
http_access deny cacheman
no_cache deny csscall
no_cache deny cacheman
http_access deny !http
http_access deny !ports
http_access allow dest_addy
http_access deny bad_paths
http_access deny all
Received on Wed May 24 2006 - 15:09:08 MDT
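
An added example, not part of the original post or of Squid itself: a small Python model of first-match http_access evaluation over the rules above, showing how the dst-type dest_addy ACL, which resolves the host of the request URL (here built from the Host header), yields the denial for load-balanced names. The hostnames, the 192.0.2.10 address and the three-pattern subset of bad_paths are constructed for illustration.

```python
import re

# Constructed DNS view (assumption): one name points at this box, one at a
# load-balancer address that is not listed in the dest_addy ACL.
DNS = {"direct.example": "168.192.2.3", "balanced.example": "192.0.2.10"}
DEST_ADDY = {"127.0.0.1", "168.192.2.3", "10.10.21.2"}  # acl dest_addy dst ...
BAD_PATHS = re.compile(r"/scripts/|/_vti_bin/|\.exe\?", re.I)  # subset of bad_paths

def acl(name, req, dns):
    """Evaluate one ACL name (optionally negated with '!') against a request."""
    if name.startswith("!"):
        return not acl(name[1:], req, dns)
    checks = {
        "all": lambda: True,
        "HEAD": lambda: req["method"] == "HEAD",
        "CONNECT": lambda: req["method"] == "CONNECT",
        "http": lambda: req["proto"] == "http",
        "ports": lambda: req["port"] in (80, 81),
        # dst resolves the request host and compares the resulting address
        "dest_addy": lambda: dns.get(req["host"]) in DEST_ADDY,
        "bad_paths": lambda: bool(BAD_PATHS.search(req["path"])),
    }
    return checks[name]()

# http_access lines from the post, in order (Manager/cacheman/purge lines left out).
RULES = [("allow", ["HEAD"]), ("allow", ["CONNECT"]), ("deny", ["!http"]),
         ("deny", ["!ports"]), ("allow", ["dest_addy"]),
         ("deny", ["bad_paths"]), ("deny", ["all"])]

def decide(req, dns=DNS):
    """The first rule whose ACLs all match wins; return (action, rule text)."""
    for action, names in RULES:
        if all(acl(n, req, dns) for n in names):
            return action, f"http_access {action} {' '.join(names)}"
    return "deny", "implicit"

def get(host, path="/"):
    return {"method": "GET", "proto": "http", "port": 80, "host": host, "path": path}

if __name__ == "__main__":
    # Same effect as the hosts-file test in the post: the name resolves locally.
    hosts_override = dict(DNS, **{"balanced.example": "127.0.0.1"})
    print(decide(get("direct.example")))
    print(decide(get("balanced.example")))
    print(decide(get("balanced.example"), hosts_override))
    print(decide(get("direct.example", "/scripts/x")))
```

The last call also shows that, in this rule order, a bad_paths request to an allowed destination is matched by the dest_addy allow line before the bad_paths deny line is reached.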