Re: [squid-users] Having issue with reverse proxy and SSL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 28 Mar 2010 20:24:28 +1300

Nick Duda wrote:
> Thanks a ton, this seems to have worked. I'll play more with it. Thanks again.
>

Nick, Dean; meet "proto" ACL. :)

  acl HTTP proto HTTP
  acl HTTPS proto HTTPS

It's faster than the regex.

There is also the myport type, which works reliably in regular receiving
ports, with myportname for more reliability on intercept and reverse
proxy ports.

Amos

> -----Original Message-----
> From: Dean Weimer [mailto:dweimer_at_orscheln.com]
> Sent: Friday, March 26, 2010 2:39 PM
> To: Nick Duda; squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Having issue with reverse proxy and SSL
>
> I believe so. I believe you can also place them in a separate file, one
> expression per line.
>
> Example:
> A file /usr/local/squid/etc/acl_http could be as follows:
> ^http://some.url.com
> ^http://some.url2.com
> ^http://some.url3.com
>
> Squid configuration line would be as follows:
> acl acl_http url_regex -i "/usr/local/squid/etc/acl_http"
>
>
> Though I think I remember something about external files not working
> correctly in some cases with url_regex, though I may be completely
> mistaken or the problem may have been fixed. Best thing to do is test
> it, if the setup isn't live it's a quick easy test to see if it works.
> Also I probably should note that the -i is there to ignore case,
> depending on your setup you may not want to use it.
>
> -----Original Message-----
> From: Nick Duda [mailto:nduda_at_VistaPrint.com]
> Sent: Friday, March 26, 2010 1:25 PM
> To: Dean Weimer; squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Having issue with reverse proxy and SSL
>
> Using regex can I have multiple domains?
>
> i.e.
>
> acl acl_http url_regex -i ^http://some.url.com ^http://some.url2.com
> ^http://some.url3.com
>
>
> - Nick
>
>
>
> -----Original Message-----
> From: Dean Weimer [mailto:dweimer_at_orscheln.com]
> Sent: Friday, March 26, 2010 2:17 PM
> To: Nick Duda; squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Having issue with reverse proxy and SSL
>
> Nick,
> Both http://some.url.com/ and https://some.url.com/ satisfy your
> acl acl_http dstdomain some.url.com as the destination domain is the
> same in both cases. Not sure if this is the best way to handle it but
> if you changed your acls to use url_regex instead and used the following
> it should work.
>
> acl acl_http url_regex -i ^http://some.url.com
> acl acl_ssl url_regex -i ^https://some.url.com
>
> Dean
>
> -----Original Message-----
> From: Nick Duda [mailto:nduda_at_VistaPrint.com]
> Sent: Friday, March 26, 2010 12:21 PM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Having issue with reverse proxy and SSL
>
> Hi all,
>
> I've got a reverse proxy setup but something is wrong with my config. I
> want a request for a certain HTTP request to go to one cache_peer and
> the exactly same request but for HTTPS to go to another cache_peer.
> Right now it's always hitting the same cache_peer.
>
> Squid Cache: Version 2.6.STABLE18
> configure options: '--enable-snmp' '--enable-storeio=aufs'
> '--enable-ssl'
>
> http_port 80 accel vhost
> https_port 443 accel vhost cert=/path/to/cert.pem
> key=/path/to/server.key
>
> cache_peer secure.someurl.com parent 443 0 no-query originserver ssl
> name=ssl sslflags=DONT_VERIFY_PEER
> cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http
>
> acl acl_http dstdomain some.url.com
> acl acl_ssl dstdomain some.url.com
>
> cache_peer_access http allow acl_http
> cache_peer_access ssl allow acl_ssl
>
> http_access allow acl_http
> http_access allow acl_ssl
>
>
> Wouldn't that config send the request to the correct cache_peer
> depending on if it came in SSL or HTTP? It's the same URL, but either
> HTTP or HTTPS always sends it to the cache_peer with the "name=http"
>
> Thoughts?
>
> Nick

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18
Received on Sun Mar 28 2010 - 07:24:37 MDT
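
The configuration from the original post, reworked to route by scheme with the proto ACL suggested in the reply. This is an added example, not part of the thread; the ACL name "site" and the explicit deny lines are assumptions, and all hosts, paths and peer names are the ones quoted above.

```conf
# Added example: scheme-based peer selection for the reverse proxy in this thread.

http_port 80 accel vhost
https_port 443 accel vhost cert=/path/to/cert.pem key=/path/to/server.key

# Origin peers as posted. sslflags=DONT_VERIFY_PEER is kept from the post;
# it turns off verification of the origin's certificate, so the
# proxy-to-origin TLS hop is encrypted but not authenticated.
cache_peer secure.someurl.com parent 443 0 no-query originserver ssl name=ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.168.1.10 parent 80 0 no-query originserver name=http

# Before (from the post): both ACLs test only the destination domain,
# so each matches http:// and https:// requests alike.
#   acl acl_http dstdomain some.url.com
#   acl acl_ssl  dstdomain some.url.com

# After: one ACL for the site, two for the request scheme.
acl site dstdomain some.url.com
acl HTTP proto HTTP
acl HTTPS proto HTTPS

# ACLs listed on one line are ANDed: domain and scheme must both match.
cache_peer_access http allow site HTTP
cache_peer_access http deny all
cache_peer_access ssl allow site HTTPS
cache_peer_access ssl deny all

# Admit requests for the published site only.
http_access allow site
http_access deny all
```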
