[squid-users] Reverse Proxy from Andrew Miehs on 2006-11-18 (squid-users)

From: Andrew Miehs <andrew@dont-contact.us>
Date: Sat, 18 Nov 2006 14:40:55 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List,

I have just started testing Squid to use it as a reverse proxy for
our static image/ photo servers.

I have looked and read all the FAQs and mailing list articles I could
find, and have a few questions as to what the 'correct' way is to
configure things.

http://wiki.squid-cache.org/SquidFaq/ReverseProxy seems to be for pre
2.6 versions of squid.

We are currently testing Squid 2.6-stable5
I have only been able to find docs for Squid 2.4 and Squid 3.0

I have noticed that the configs for squid acceleration have changed
since 2.5 - and the Squid 3.0 docs are not quite correct either for
2.6. (accel is not an option in 2.6 and I don't know which other
options are different).

Below is the sample config I have so far...

Would it be possible to then add a second section to the FAQ/ Wiki
page for version >= 2.6?

I also saw mention of

acl accelerated_sites dstdomain your.main.website
other.virtual.domain
http_access allow accelerated_server

I have about 40 virtual domains and also HTTP/1.0 requests without
domain name that my web servers need to answer. Is this the only way
as I would need to modify the config each time we have an additional
domain '.de, .ch, .at' added.
IE: acl accelerated_sites www.mysite.com mysite.com www.mysite.net
mysite.net www.mysite.org mysite.org ........

If I do not add this to my config, does this mean that someone can
use my 'accelerated webserver' as a proxy?

Thanks for all your help in advance,

Andrew

- ----
Assuming Squid (Port 80)and WebServer (Port 8000) are installed on
the same server

http_port 80 vhost defaultsite=www.mysite.com
cache_peer 127.0.0.1 parent 8000 0 originserver no-query
deny_info TCP_RESET all
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access allow all

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFXw1oW126qUNSzvURAiVrAJ9/t4rbkM9gFhIsU5vUQwg+vR7NhgCggwIA
mRZuAjCVLLdF7mj9OrBJqKc=
=52+0
-----END PGP SIGNATURE-----
Received on Sat Nov 18 2006 - 06:41:05 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST