Re: [squid-users] Configuring reverse proxy for both 80/443

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 08 Mar 2008 19:12:57 +1300

l3d wrote:
> I've gotten part of it to work with two cache_peer lines such as:
>
> acl incoming_ssl dstdomain ssl.domain.com
> acl incoming_default dstdomain domain.com www.domain.com
>
> http_port 80 accel vhost
> https_port 443 cert=/usr/YOURCERT.cer key=/usr/YOURKEY.key vhost
>
> cache_peer xxx.xxx.xxx.xxx parent 443 0 no-query originserver ssl
> sslflags=DONT_VERIFY_PEER name=ssl.domain.com
> cache_peer_access ssl.domain.com allow incoming_ssl
>
> cache_peer xxx.xxx.xxx.xxx(same server) parent 80 0 no-query
> originserver name=*hostname of webserver*
> cache_peer_access *hostname of website* allow incoming_default
>
> But I have a problem with this config......
>
> Because my "domain.com" is in the acl even without the *.domain.com it
> still allows an 80 connection for my 443 website "ssl.domain.com"
> .... And because it still communicates with the originserver over 443,
> the originserver does not have an issue..... HOW can I force squid to
> accept only 443 connections for a website on a originserver that squid
> already uses for 80 connections?

ACL type myport.

   acl sslPort myport 443

   cache_peer_access ssl.domain.com allow sslPort incoming_ssl
   cache_peer_access domain.com allow !sslPort incoming_default

Amos

>
> Please help
>
> -l3d
> On Tue, Mar 4, 2008 at 7:16 PM, Nick Duda <nduda@vistaprint.com> wrote:
>> Nope, it throws an error, I tried that.
>>
>>
>>
>> -----Original Message-----
>> From: Chris Woodfield [mailto:rekoil@semihuman.com]
>> Sent: Tuesday, March 04, 2008 8:02 PM
>> To: Nick Duda
>> Cc: squid-users@squid-cache.org
>> Subject: Re: [squid-users] Configuring reverse proxy for both 80/443
>>
>> I haven't tried this myself, but can't you just have two cache-peer
>> lines with the same host but different port numbers?
>>
>> -C
>>
>> On Mar 4, 2008, at 5:11 PM, Nick Duda wrote:
>>
>>> I seem to be stumped. I need to reverse proxy for one internal server
>>> that listens on both 80 and 443. How can I configure squid to proxy
>>> for
>>> the same cache-peer on both 80 and 443? As far as I can see you can
>>> only
>>> specify one protocol per cache-peer line. I think I am missing
>>> something.
>>>
>>> - Nick
>>>
>>

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Fri Mar 07 2008 - 23:12:22 MST
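
The effect of the myport ACL suggested above, as an added example that is not part of the original thread: a small Python model of the peer-selection step only, run over constructed requests with the rules before and after the change. The peer name "web" is a hypothetical stand-in for the "*hostname of webserver*" placeholder, and the model assumes Squid's usual access-list rules (ACLs on a line are ANDed, the first matching line decides, no match gives the opposite of the last line's action).

```python
# Added example: models only Squid's cache_peer_access peer selection.
# ACL and peer names come from the thread; "web" is a hypothetical stand-in
# for the "*hostname of webserver*" placeholder.

def dstdomain(*names):
    # "example.com" matches that host only; ".example.com" also matches subdomains.
    def match(req):
        host = req["host"].lower()
        return any(host == n.lstrip(".") or (n.startswith(".") and host.endswith(n))
                   for n in names)
    return match

def myport(port):
    # myport matches the local port the client connected to.
    return lambda req: req["port"] == port

ACLS = {
    "incoming_ssl": dstdomain("ssl.domain.com"),
    "incoming_default": dstdomain("domain.com", "www.domain.com"),
    "sslPort": myport(443),
}

def line_matches(names, req):
    # ACLs on one line are ANDed; a leading "!" negates the ACL.
    return all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names)

def allowed_peers(rules, req):
    """rules: {peer: [(action, [acl names])]}. First matching line decides;
    if none matches, the result is the opposite of the last line's action."""
    peers = []
    for peer, lines in rules.items():
        verdict = next((a for a, names in lines if line_matches(names, req)), None)
        if verdict is None:
            verdict = "deny" if lines[-1][0] == "allow" else "allow"
        if verdict == "allow":
            peers.append(peer)
    return peers

BEFORE = {"ssl.domain.com": [("allow", ["incoming_ssl"])],
          "web": [("allow", ["incoming_default"])]}
AFTER = {"ssl.domain.com": [("allow", ["sslPort", "incoming_ssl"])],
         "web": [("allow", ["!sslPort", "incoming_default"])]}

def probe(rules):
    # Constructed (local port, Host header) pairs.
    cases = [(80, "ssl.domain.com"), (443, "ssl.domain.com"),
             (80, "www.domain.com"), (443, "www.domain.com")]
    return {c: allowed_peers(rules, {"port": c[0], "host": c[1]}) for c in cases}
```

With the original rules a port-80 request for ssl.domain.com is still handed to the SSL peer; with the myport rules no peer accepts it, and a port-443 request for www.domain.com is likewise left without a peer.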
