RE: [squid-users] Having issue with reverse proxy and SSL

From: Nick Duda <nduda_at_VistaPrint.com>
Date: Fri, 26 Mar 2010 14:51:25 -0400

Thanks a ton, this seems to have worked. I'll play more with it. Thanks again.

-----Original Message-----
From: Dean Weimer [mailto:dweimer_at_orscheln.com]
Sent: Friday, March 26, 2010 2:39 PM
To: Nick Duda; squid-users_at_squid-cache.org
Subject: RE: [squid-users] Having issue with reverse proxy and SSL

I believe so. I believe you can also place them in a separate file, one
expression per line.

Example:
A file /usr/local/squid/etc/acl_http could be as follows:
^http://some.url.com
^http://some.url2.com
^http://some.url3.com

Squid configuration line would be as follows:
acl acl_http url_regex -i "/usr/local/squid/etc/acl_http"

Though I think I remember something about external files not working
correctly in some cases with url_regex, though I may be completely
mistaken or the problem may have been fixed. Best thing to do is test
it, if the setup isn't live it's a quick easy test to see if it works.
Also I probably should note that the -i is there to ignore case,
depending on your setup you may not want to use it.

-----Original Message-----
From: Nick Duda [mailto:nduda_at_VistaPrint.com]
Sent: Friday, March 26, 2010 1:25 PM
To: Dean Weimer; squid-users_at_squid-cache.org
Subject: RE: [squid-users] Having issue with reverse proxy and SSL

Using regex can I have multiple domains?

i.e.

acl acl_http url_regex -i ^http://some.url.com ^http://some.url2.com ^http://some.url3.com

- Nick

-----Original Message-----
From: Dean Weimer [mailto:dweimer_at_orscheln.com]
Sent: Friday, March 26, 2010 2:17 PM
To: Nick Duda; squid-users_at_squid-cache.org
Subject: RE: [squid-users] Having issue with reverse proxy and SSL

Nick,
        Both http://some.url.com/ and https://some.url.com/ satisfy your
acl acl_http dstdomain some.url.com as the destination domain is the
same in both cases. Not sure if this is the best way to handle it but
if you changed your acls to use url_regex instead and used the following
it should work.

acl acl_http url_regex -i ^http://some.url.com
acl acl_ssl url_regex -i ^https://some.url.com

Dean

-----Original Message-----
From: Nick Duda [mailto:nduda_at_VistaPrint.com]
Sent: Friday, March 26, 2010 12:21 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Having issue with reverse proxy and SSL

Hi all,

I've got a reverse proxy setup but something is wrong with my config. I
want a request for a certain HTTP request to go to one cache_peer and
the exact same request but for HTTPS to go to another cache_peer.
Right now it's always hitting the same cache_peer.

Squid Cache: Version 2.6.STABLE18
configure options: '--enable-snmp' '--enable-storeio=aufs'
'--enable-ssl'

http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert.pem key=/path/to/server.key

cache_peer secure.someurl.com parent 443 0 no-query originserver ssl name=ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http

acl acl_http dstdomain some.url.com
acl acl_ssl dstdomain some.url.com

cache_peer_access http allow acl_http
cache_peer_access ssl allow acl_ssl

http_access allow acl_http
http_access allow acl_ssl

Wouldn't that config send the request to the correct cache_peer
depending on if it came in SSL or HTTP? It's the same URL, but either
HTTP or HTTPS always sends it to the cache_peer with the "name=http"

Thoughts?

Nick
Received on Fri Mar 26 2010 - 18:51:36 MDT
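
Added example (not part of the original thread, and not Squid's own code): a small Python model of the two ACL types discussed above. It shows why dstdomain cannot tell HTTP from HTTPS, and checks the url_regex patterns from the thread against constructed URLs. The STRICT patterns (escaped dots, host terminated by a port, a slash or end of string) and all function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Patterns exactly as posted in the thread.
POSTED = {"acl_http": r"^http://some.url.com",
          "acl_ssl": r"^https://some.url.com"}
# Tightened variants (assumption of this example, not from the thread):
# literal dots, and the host must end at a port, a slash or end of string.
STRICT = {"acl_http": r"^http://some\.url\.com(:[0-9]+)?(/|$)",
          "acl_ssl": r"^https://some\.url\.com(:[0-9]+)?(/|$)"}

def dstdomain(url, domain):
    """Model of a dstdomain ACL: only the host is compared, never the scheme."""
    return (urlsplit(url).hostname or "").lower() == domain.lower()

def url_regex(url, pattern, ignore_case=True):
    """Model of url_regex [-i]: regex search over the full request URL."""
    return re.search(pattern, url, re.I if ignore_case else 0) is not None

def matching_acls(url, acls):
    """Names of the ACLs in `acls` that the URL satisfies."""
    return sorted(name for name, pat in acls.items() if url_regex(url, pat))

# Constructed sample URLs: the two intended ones plus two look-alike hosts.
SAMPLES = [
    "http://some.url.com/login",
    "https://some.url.com/login",
    "http://some.url.com.other.example/",   # intended host used as a prefix
    "https://someXurl.com/",                # unescaped '.' matches any character
]

def report():
    """One row per sample: (url, dstdomain hit, posted ACLs, strict ACLs)."""
    return [(u, dstdomain(u, "some.url.com"),
             matching_acls(u, POSTED), matching_acls(u, STRICT))
            for u in SAMPLES]

if __name__ == "__main__":
    for url, dd, posted, strict in report():
        print(f"{url:38} dstdomain={dd!s:5} posted={posted} strict={strict}")
```

With the posted patterns the two look-alike hosts still satisfy acl_http or acl_ssl, which matters because the same ACLs are used for http_access; the stricter patterns reject them while keeping the HTTP/HTTPS split.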

This archive was generated by hypermail 2.2.0 : Sun Mar 28 2010 - 12:00:06 MDT