[squid-users] R: [squid-users] R: [squid-users] Failed to select source from Riccardo Castellani on 2010-03-12 (squid-users)

From: Riccardo Castellani <r.castellani_at_usl6.toscana.it>
Date: Fri, 12 Mar 2010 16:25:44 +0100

I updated the following entry in this way and now it works FINE ( no warning
logs in cache.log) :
acl psvirt dst A.B.C.D ==> acl psvirt dstdomain page.example.com

so I have:

http_port A.B.C.D:80 accel vhost defaultsite=HostA:8080
cache_peer HostA parent 8080 0 no-query originserver name=PSAccel
acl psvirt dstdomain page.example.com
http_access allow psvirt
cache_peer_access PSAccel allow psvirt
cache_peer_access PSAccel deny all

If I understood, Squid search 'host' header in the client request but if
client fails to send this header, Squid assumes the domain specified by
defaultsite.
But when client fails to send 'host' header ? And if I delete
"defaultsite=HostA:8080" what happens ?

> ... there is a great risk that 8080 port number
> leaks out to clients in various situations

I don't understand what you want to say.
This web server (HostA) is only accessible from intern. network by link on
another server which references to HostA:8080, while fro external network by
Squid Accelerator mechanism.

Thank you very much for your help

-----Messaggio originale-----
Da: Henrik Nordström [mailto:henrik_at_henriknordstrom.net]
Inviato: Wednesday, March 10, 2010 8:50 PM
A: Riccardo Castellani
Cc: squid-users_at_squid-cache.org
Oggetto: Re: [squid-users] R: [squid-users] Failed to select source

ons 2010-03-10 klockan 15:19 +0100 skrev Riccardo Castellani:
> http_port A.B.C.D:80 accel vhost defaultsite=HostA:8080

defaultsite should be your preferred site name as requested by clients,
i.e. www.example.com or whatever your main web site published here is.
If unsure then leave it out entirely.

> cache_peer HostA parent 8080 0 no-query originserver name=PSAccel
>
> acl psvirt dst A.B.C.D

This is not right. Should be

acl psvirt dstdomain www.example.com [etc, list all site names this
server publishes here]

> My Squid listens to on specific virtual IP address (IP: A.B.C.D, port 80)
> where it accelerates http requests to HostA which has opened port 8080.

If you can then it's much better if you can move the web server on HostA
over to port 80 as well.. there is a great risk that that 8080 port
number leaks out to clients in various situations.

Regards
Henrik
Received on Fri Mar 12 2010 - 15:25:27 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 12 2010 - 12:00:03 MST