Re: [squid-users] CONNECT in accelerator mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 3 Mar 2009 11:01:48 +1300 (NZDT)

> Hello!
>
> I'm in a bit of a deadlock, so all my hopes are with you.
> The short version: I want to use squid as both an accelerator and as a
> forward proxy which can handle CONNECT requests.
>
> From what I've read over the net, these 2 cases are mutually
> exclusive, but I decided to ask anyway, since maybe there's a
> workaround or alternative method.

The net is mostly wrong.
Since 2.6 Squid has been perfectly capable of running in multiple modes at
once on multiple ports.

The config you are looking for is documented at:
 http://wiki.squid-cache.oprg/ConfigExamples/Reverse/BasicAccelerator

Note the little informative note at the top of the squid configuration
text relevant for forward-proxy + accelerator setups.

>
> Basically, I configure squid to listen to TCP/80 and use apache on
> TCP/81 as an origin server, but I also want it to handle CONNECT
> requests to a port range on localhost (10000-10020).
>
> In case you were wondering, here's my squid.conf file:
> http://pastebin.com/fcfcd6a6
> Whenever I try to connect through the proxy via CONNECT, i get the
> infamous [parseHttpRequest: CONNECT not valid in accelerator mode]
> error in the logs.

Aha, you cannot to CONNECT through an accelerated port AFAIK.

You can make squid listen on a regular non-accelerated port (usually 3128)
for all the forward-proxy requests.

>
> I tried (as it can be seen) to enable the proxy both-ways (with the
> allow-direct and always_direct keywords), but it works as far as
> CONNECT. There, it stops working as I expect it to.

Those two settings apply only to how a request is sent out of squid. Not
to the types available in any mode.

>
> If anyone has any thoughts on how I may overcome this problems, please do.
>
> Thank you!
>

Regarding a few of your posted config settings:

 cache_access_log == access_log
  * turning on to 'none' and then defining a log to send to makes
cache_access_log irrelevant.

no_cache - is deprecated. replace with 'cache deny' instead of 'no_cache
deny'.

  "acl all src all" - pretty much describes itself. And 'all' replaces
toRest in your usage.

http://pastebin.com/m60cf0432

Amos
Received on Mon Mar 02 2009 - 22:03:05 MST

This archive was generated by hypermail 2.2.0 : Tue Mar 03 2009 - 12:00:02 MST