Hi Henrik,
Just need a nod from you :). I've this setup for website accel.. Can
you confirm that it would hold on and that no security lapse in it?
my apache-webserver is running on 192.168.7.1 port 80. I have squid running on
192.168.7.3 port 80. All the image urls are pointing to 7.3.
------ squid.conf --------
http_port 80 accel defaultsite=192.168.7.1
cache_peer 192.168.7.1 parent 80 0 no-query originserver weight=1
http_access allow all
acl all src 0.0.0.0/0.0.0.0
icp_access allow all
Regards,
Suhaib.
On 6/7/07, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> tor 2007-06-07 klockan 20:37 +0500 skrev Suhaib Ahmad:
> > Thanks Henrik, but without mentioning
> >
> > http_port 80 accel defaultsite=your.main.website
> >
> > it was working with paras
> > http_port 80 transparent
>
> transparent is almost equal to accel vhost, but not entirely. The
> differences are
> - transparent supports transparent interception
> - accel requires the use of a cache_peer to forward the request.
> - transparent knows it's supposed to act as a proxy and not authorized
> by the web server, therefore HTTP authentication to Squid is not allowed
> to make sure the proxy admin don't unintentionally crash the HTTP
> protocol.
>
>
> If you are a reverse proxy you SHOULD NOT use transparent, instead use
> the accelerator options (vhost, defaultsite etc..).
>
> If you are a intercepting forward Internet proxy then you SHOULD use
> transparent.
>
> > And any idea why the WARNING: Forwarding loop detected for:. Is this
> > anything todo with dns settings.
>
> It's because your Squid thinks it is an Internet proxy and not a reverse
> proxy, and therefore tries to go direct when it doesn't look like there
> would be any benefit of forwarding the request via other cache peers..
> and when going direct DNS tells it to talk to itself..
>
> Regards
> Henrik
>
>
Received on Fri Jun 08 2007 - 05:41:38 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT