Re: [squid-users] Question about ACLs and http_access in Squid 3

From: Tom Williams <tomdkat_at_comcast.net>
Date: Fri, 24 Oct 2008 18:41:26 -0700

Amos Jeffries wrote:
> Tom Williams wrote:
>> Ok, now that I've basically got Squid 3 configured as an HTTP
>> accelerator, I have a question about ACL rules and http_access.
>>
>> Here is the basic config: I've got two web servers behind a load
>> balancer. The idea is to have Squid serve as an HTTP accelerator
>> for Apache so it will cache static content (like global site
>> graphics, etc) leaving Apache to deal with traffic that requires
>> database access.
>>
>> Here are my configuration lines:
>>
>> acl directIP dst aaa.bbb.ccc.ddd/32
>> acl website dstdomain .mydomain.com
>>
>> #Recommended minimum configuration:
>> #
>> # Only allow cachemgr access from localhost
>> http_access allow manager localhost
>> http_access deny manager
>> # Deny requests to unknown ports
>> http_access deny !Safe_ports
>> # Deny CONNECT to other than SSL ports
>> http_access deny CONNECT !SSL_ports
>> #
>> # We strongly recommend the following be uncommented to protect innocent
>> # web applications running on the proxy server who think the only
>> # one who can access services on "localhost" is a local user
>> http_access deny to_localhost
>> #
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>
>> # Example rule allowing access from your local networks.
>> # Adapt localnet in the ACL section to list your (internal) IP networks
>> # from where browsing should be allowed
>> http_access allow localnet
>> http_access allow directIP
>> http_access allow website
>>
>> # And finally deny all other access to this proxy
>> http_access deny all
>>
>>
>> Now, when I point my browser at:
>>
>> http://aaa.bbb.ccc.ddd/
>>
>> I get an access denied 403 error page from Squid.
>>
>> If I point my browser at:
>>
>> http://www.mydomain.com/
>>
>> It works just fine. www.mydomain.com resolves to the
>> aaa.bbb.ccc.ddd IP address.
>>
>> Why does the domain work yet the IP doesn't? What am I missing?
>>
>
> All of the actual acceleration bits :)
> http://wiki.squid-cache.org/SquidFaq/ReverseProxy
>
>
> Amos

Thanks for the suggestion. I had looked at that article before but it
didn't address my problem, unfortunately. Is there a way to enable
some debug level that will log exceptions processing the http_access
rules? I'm getting TCP_DENIED/403 messages in access.log, like this:

1224898553.333 2 www.xxx.yyy.zzz TCP_DENIED/403 2434 GET
http://aaa.bbb.ccc.ddd/ - NONE/- text/html

yet I can't generate any debug info to provide more information as to
why the TCP_DENIED was issued.

Thanks!

Peace...

Tom
Received on Sat Oct 25 2008 - 01:41:37 MDT
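
An added example, not part of the original message and not Squid's own code: a small Python script that parses native-format access.log records like the one quoted above, rejoins records that were wrapped across two lines, and counts TCP_DENIED entries per client and requested host. The sample log lines and addresses are constructed, and the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"(?P<ts>\d+\.\d{3})\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)"
)
STARTS_RECORD = re.compile(r"\d+\.\d{3}\s")

def unwrap(raw_lines):
    """Rejoin records that mail or a terminal wrapped: a line that does not
    start with an epoch timestamp continues the previous record."""
    records = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        if STARTS_RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Return the fields of one record as a dict, or None if it is malformed."""
    m = LINE_RE.fullmatch(record)
    return m.groupdict() if m else None

def denied_summary(raw_lines):
    """Count TCP_DENIED requests per (client, requested host)."""
    counts = Counter()
    for rec in map(parse, unwrap(raw_lines)):
        if rec and rec["code"] == "TCP_DENIED":
            host = urlsplit(rec["url"]).hostname or rec["url"]
            counts[(rec["client"], host)] += 1
    return counts

# Constructed sample (documentation addresses); the second record is wrapped
# across two lines the way the log line in the message above is.
SAMPLE = """\
1224898550.101 45 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ - FIRST_UP_PARENT/203.0.113.5 text/html
1224898553.333 2 192.0.2.10 TCP_DENIED/403 2434 GET
http://203.0.113.5/ - NONE/- text/html
1224898554.010 1 192.0.2.11 TCP_DENIED/403 2434 GET http://203.0.113.5/ - NONE/- text/html
1224898555.500 1 192.0.2.10 TCP_DENIED/403 2434 GET http://203.0.113.5/img.png - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    for (client, host), n in denied_summary(SAMPLE).most_common():
        print(f"{n:3d} denied  client={client}  host={host}")
```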
