Re: [squid-users] Problem with Reverse Proxy and multiple domains

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 3 Mar 2009 11:10:08 +1300 (NZDT)

>
> I'm currently running Squid 2.6 stable 22 as a caching server.
>
> It is acting as a front-end for bunch of servers answering for
> www.123456.com and 123456.com. Without any problems.
>
> I have updated the apache configuring for handling web traffic for
> www.abcdef.com, abcdef.com, www.987zyx.com and 987zyx.com.
>
> If I hit the web servers with the various domains, I get the desired web
> site without any problems.
>
> The problem I'm running into with Squid is that no matter what domain I
> enter, squid is treating all the traffic for www.123456.com.
>
> So if I enter www.987zyx.com via squid, I go to the www.123456.com web site
> instead.
>
> Here is a copy of the squid configuration I'm using. What am I doing
> wrong?
>

Using the broken and obsolete squid-2.5 method of 'acceleration'.

I've placed inline alterations to update this to 2.6 requirements...

>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl CONNECT method CONNECT
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> coredump_dir /var/cache/squid

> http_port 80 accel vport

http_port 80 accel vhost

> cache_peer 192.168.2.10 parent 80 0 no-query originserver round-robin login=PASS
> cache_peer 192.168.2.11 parent 80 0 no-query originserver round-robin login=PASS
> cache_peer 192.168.2.12 parent 80 0 no-query originserver round-robin login=PASS

KILL this:
> acl webserver dst 192.168.2.10 192.168.2.11 192.168.2.12

acl 123456 dstdomain .123456.com

(if you want to be VERY tricky:
   acl 123456 dst 192.168.2.10
)

cache_peer_access 192.168.2.10 allow 123456
cache_peer_access 192.168.2.10 deny all
http_access allow 123456

... repeat as appropriate for each webserver. Including _separate_ ACLs
for each one.

Followed with:
 http_access deny all
 never_direct allow all

Kill all the below http_*:

> http_access allow webserver
> http_access allow all
> miss_access allow webserver
> miss_access allow all
> http_access deny all
>

> icp_access deny all
>
> acl loadbalancer1 src 192.168.3.125
> acl loadbalancer2 src 192.168.3.126
> follow_x_forwarded_for allow loadbalancer1
> follow_x_forwarded_for allow loadbalancer2
> follow_x_forwarded_for allow all
> acl_uses_indirect_client on
> delay_pool_uses_indirect_client on
> log_uses_indirect_client on
>
> logformat combined %{Host}>h %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h"
> "%{User-Agent}>h" %Ss:%Sh
> access_log /var/log/squid/access.log combined
> collapsed_forwarding on
> vary_ignore_expire on
>
> cache_effective_user squid
> cache_store_log none
> client_db off
> cache_mem 512 MB
> cache_dir ufs /var/cache/squid 3000 10 10
>

Amos
Received on Mon Mar 02 2009 - 22:11:30 MST
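
The changes described in the reply above, put together as one squid.conf fragment for all three sites. This is an added example, not part of the original message; the site-to-server mapping and the site_* ACL names are assumptions, and the last block goes beyond the reply by narrowing the posted "follow_x_forwarded_for allow all" to the two load balancers.

```conf
# Added example (not from the thread). Assumed mapping, one origin per site:
#   .123456.com -> 192.168.2.10, .abcdef.com -> 192.168.2.11, .987zyx.com -> 192.168.2.12

# vhost: take the site from the Host: header so dstdomain ACLs can tell sites apart.
http_port 80 accel vhost

acl all src 0.0.0.0/0.0.0.0

# One ACL per site; the leading dot matches both the bare domain and www.
acl site_123456 dstdomain .123456.com
acl site_abcdef dstdomain .abcdef.com
acl site_987zyx dstdomain .987zyx.com

# round-robin is dropped here because each site has exactly one origin.
cache_peer 192.168.2.10 parent 80 0 no-query originserver login=PASS
cache_peer 192.168.2.11 parent 80 0 no-query originserver login=PASS
cache_peer 192.168.2.12 parent 80 0 no-query originserver login=PASS

# Each peer only ever receives requests for its own site.
cache_peer_access 192.168.2.10 allow site_123456
cache_peer_access 192.168.2.10 deny all
cache_peer_access 192.168.2.11 allow site_abcdef
cache_peer_access 192.168.2.11 deny all
cache_peer_access 192.168.2.12 allow site_987zyx
cache_peer_access 192.168.2.12 deny all

# Serve the hosted sites and nothing else; never fetch directly from the Internet.
http_access allow site_123456
http_access allow site_abcdef
http_access allow site_987zyx
http_access deny all
never_direct allow all

# With acl_uses_indirect_client and log_uses_indirect_client on, the address in
# X-Forwarded-For is what ACLs and logs see, so accept it only from the load balancers.
acl loadbalancer1 src 192.168.3.125
acl loadbalancer2 src 192.168.3.126
follow_x_forwarded_for allow loadbalancer1
follow_x_forwarded_for allow loadbalancer2
follow_x_forwarded_for deny all
```

Running "squid -k parse" checks the file for syntax errors before it is loaded with "squid -k reconfigure".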
