Re: [squid-users] Reverse proxy on two sub-domains

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 19 Jun 2009 23:26:55 +1200

Elli Albek wrote:
> Hi,
> I am trying to set up squid as reverse proxy for two sub domains with the
> same origin server:
>
> http_port 3128 accel defaultsite=s1.blah.com:80
> cache_peer 1.2.3.4 parent 1234 0 no-query originserver name=my_parent
>
> acl url_s1_dir urlpath_regex ^/s1_dir/
> acl url_s2_dir urlpath_regex ^/s2_dir/
> acl s1_domain dstdomain s1.blah.com
> acl s2_domain dstdomain s2.blah.com
> http_access allow s1_domain url_s1_dir
> http_access allow s2_domain url_s2_dir
>
> cache_peer_domain my_parent .blah.com
>
> This maps the two domains/directories
> s1.blah.com/s1_dir
> s2.blah.com/s2_dir
>
> Nothing else is allowed.
>
> It works for s1, but does not work for s2. When I look at the access log, I
> see that squid is rewriting the domain name for s2 requests to s1, and this
> does not pass the s1 ACL.
>
> So if I go to:
> http://s2.blah.com/s2_dir/hello
> Squid rewrites it to:
> http://s1.blah.com/s2_dir/hello
>
> S1 domain works end-to-end.
>
> From what I can understand from the docs defaultsite is used when NOT SENT
> from the client.
> Docs: "What to use for the Host: header if it is not present in a request"
> My client does send it in the request.
>
> Any ideas? Do I need vhost? If I do vhost, what is the default domain when
> it is not specified? Do I need both vhost and defaultsite in one line?
>
> Thanks
>
> Elli
>

You need to kill whatever interception rules are sending stuff to port
3128 and setup a real virtual hosting reverse proxy.

  http_port 80 accel vhost defaultsite=s1.blah.com:80
  cache_peer 1.2.3.4 parent 1234 0 no-query originserver name=my_parent

  acl url_s1_dir urlpath_regex ^/s1_dir/
  acl url_s2_dir urlpath_regex ^/s2_dir/
  acl s1_domain dstdomain s1.blah.com
  acl s2_domain dstdomain s2.blah.com
  http_access allow s1_domain url_s1_dir
  http_access allow s2_domain url_s2_dir
  http_access deny all

...Thats it, the entire lot.

see http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting

If you get badly coded web-apps on the parent ending requests to port
1234 you may also need this:
  http_port 1234 accel vhost defaultsite=s1.blah.com:80

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.8
Received on Fri Jun 19 2009 - 11:27:02 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 20 2009 - 12:00:03 MDT