Re: [squid-users] newbie question

From: poncenby <smythe_at_poncenby.plus.com>
Date: Sat, 14 Feb 2009 22:02:50 +0000

Thanks for your reply.

In the scenario of not trusting the DNS replies that are received by the
client machine, all websites viewed on the client machine will have
static DNS entries pointing to the squid cache.

What I'm looking for is a way of configuring squid so this can happen.
I've read the reverse proxy docs and tried the config changes in
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator,
however I get access denied and, being new to squid, am at a loss to
figure out why the URL and Host fields are not being constructed and
allowing my client some web browsing through a trusted source.

Here is my squid.conf, if someone could give me a hint at why this isn't
working how I need it to.
I have apache2 running on tcp/81.

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl HTTP proto HTTP
acl CONNECT method CONNECT
always_direct allow HTTP
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_port 80 accel defaultsite=localhost
cache_peer 127.0.0.1 parent 81 0 no-query originserver name=myAccel
acl our_sites dstdomain localhost
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel allow all
#http_port 80
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
coredump_dir /usr/local/squid/var/cache

Kinkie wrote:
> On Sat, Feb 14, 2009 at 5:29 PM, poncenby <smythe_at_poncenby.plus.com> wrote:
>> Hi list,
> [...]
>> On a client machine I change the browser's proxy settings and all http
>> is forwarded fine.
>>
>> I then clear the proxy setting and make a static entry in /etc/hosts on
>> the client machine for a website. Upon visiting this website I get an error
>> saying:
>>
>> The following error was encountered while trying to retrieve the URL: /
>>
>> Invalid URL
>>
> [...]
>
>> So my question is, can squid be configured to forward traffic in the
>> scenario of changing the DNS?
>
> What you are doing on the client is for all practical purposes the
> same as setting up a reverse-proxy.
> If that is what you really want to do, then you need to configure
> squid appropriately.
> You can check http://wiki.squid-cache.org/SquidFaq/ReverseProxy out to
> get a first idea of what you need.
>
Received on Sat Feb 14 2009 - 22:02:41 MST
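
The http_access lines in the posted squid.conf are order-sensitive: Squid checks them top to bottom and the first rule whose ACLs all match decides the request. The following is an added example, not part of the original message and a simplified model rather than Squid's own code; it replays the posted rule order, and which ACLs a request matches is an assumption supplied by the caller.

```python
# Added example: simplified model of Squid's http_access evaluation.
# Rules are checked top to bottom; the first rule whose ACLs all match decides.
# http_access lines copied, in order, from the squid.conf in the message.
POSTED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_access allow our_sites
"""

def parse(conf):
    """Return [(action, [acl, ...])] for each http_access line."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def acl_matches(term, matching):
    """'all' matches every request; a leading '!' negates the ACL."""
    if term.startswith("!"):
        return not acl_matches(term[1:], matching)
    return term == "all" or term in matching

def decide(rules, matching):
    """First rule whose ACLs all match wins: (action, 1-based rule index)."""
    for i, (action, acls) in enumerate(rules, 1):
        if all(acl_matches(a, matching) for a in acls):
            return action, i
    return None, None  # no rule matched; Squid's fallback is not modelled

def unreachable(rules):
    """Rules listed after an unconditional 'all' rule are never consulted."""
    for i, (_, acls) in enumerate(rules):
        if acls == ["all"]:
            return rules[i + 1:]
    return []

if __name__ == "__main__":
    rules = parse(POSTED)
    # Constructed request: port 80, Host matches our_sites, source not in localnet.
    print(decide(rules, {"Safe_ports", "our_sites"}))
    print(unreachable(rules))
```

Any request that does not match localnet stops at `http_access deny all`, so the later `http_access allow our_sites` line is never evaluated in this order.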