RE: [squid-users] Having issue with reverse proxy and SSL

From: Dean Weimer <dweimer_at_orscheln.com>
Date: Fri, 26 Mar 2010 13:17:28 -0500

Nick,
        Both http://some.url.com/ and https://some.url.com/ satisfy your
acl acl_http dstdomain some.url.com as the destination domain is the
same in both cases. Not sure if this is the best way to handle it but
if you changed your acls to use url_regex instead and used the following
it should work.

acl acl_http url_regex -i ^http://some.url.com
acl acl_ssl url_regex -i ^https://some.url.com

Dean

-----Original Message-----
From: Nick Duda [mailto:nduda_at_VistaPrint.com]
Sent: Friday, March 26, 2010 12:21 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Having issue with reverse proxy and SSL

Hi all,

I've got a reverse proxy setup but something is wrong with my config. I
want a request for a certain HTTP request to go to one cache_peer and
the exact same request but for HTTPS to go to another cache_peer.
Right now it's always hitting the same cache_peer.

Squid Cache: Version 2.6.STABLE18
configure options: '--enable-snmp' '--enable-storeio=aufs'
'--enable-ssl'

http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert.pem key=/path/to/server.key

cache_peer secure.someurl.com parent 443 0 no-query originserver ssl name=ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http

acl acl_http dstdomain some.url.com
acl acl_ssl dstdomain some.url.com

cache_peer_access http allow acl_http
cache_peer_access ssl allow acl_ssl

http_access allow acl_http
http_access allow acl_ssl

Wouldn't that config send the request to the correct cache_peer
depending on if it came in SSL or HTTP? It's the same URL, but either
HTTP or HTTPS always sends it to the cache_peer with the "name=http"

Thoughts?

Nick
Received on Fri Mar 26 2010 - 18:19:16 MDT
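
The ACL behaviour discussed in this thread, as an added Python model (not code from either poster or from Squid): it shows which cache_peer_access rules match each request under the original dstdomain ACLs and under the suggested url_regex ACLs. The matcher functions are simplified assumptions about Squid's semantics, and the STRICT patterns and the example.net URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def dstdomain(pattern):
    """Simplified dstdomain: exact host, or host plus subdomains if pattern starts with '.'."""
    pattern = pattern.lower()
    def match(url):
        host = (urlsplit(url).hostname or "").lower()
        if pattern.startswith("."):
            return host == pattern[1:] or host.endswith(pattern)
        return host == pattern
    return match

def url_regex(pattern):
    """Simplified 'url_regex -i': case-insensitive, unanchored search over the whole URL."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda url: rx.search(url) is not None

def eligible_peers(url, rules):
    """Names of peers whose 'cache_peer_access <peer> allow <acl>' rule matches the URL."""
    return [peer for peer, acl in rules if acl(url)]

# Original config: both ACLs are the same dstdomain test, so the scheme is never looked at.
ORIGINAL = [("http", dstdomain("some.url.com")), ("ssl", dstdomain("some.url.com"))]
# ACLs as suggested in the reply: the scheme is part of the match.
SUGGESTED = [("http", url_regex(r"^http://some.url.com")),
             ("ssl", url_regex(r"^https://some.url.com"))]
# Assumption (not from the thread): escaped dots and an explicit end of the host part,
# so lookalike Host values do not match. Written as POSIX ERE, no \d.
STRICT = [("http", url_regex(r"^http://some\.url\.com(:[0-9]+)?(/|$)")),
          ("ssl", url_regex(r"^https://some\.url\.com(:[0-9]+)?(/|$)"))]

if __name__ == "__main__":
    # Constructed sample URLs, as Squid would rebuild them from the port and Host header.
    samples = [
        "http://some.url.com/",
        "https://some.url.com/",
        "https://some.url.com.example.net/",  # constructed lookalike Host
    ]
    for name, rules in (("ORIGINAL", ORIGINAL), ("SUGGESTED", SUGGESTED), ("STRICT", STRICT)):
        for url in samples:
            print(f"{name:9} {url:36} -> {eligible_peers(url, rules)}")
```

With vhost enabled the host part of the URL comes from the client's Host header, which is why the model also checks a lookalike host against each rule set.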
