[squid-users] Problem with name based virtual hosts from Andreas Müller on 2010-04-07 (squid-users)

From: Andreas Müller <amuelle1_at_gmx.de>
Date: Wed, 7 Apr 2010 20:48:22 +0200

Hello,

I've a problem with a squid as accl for one apache with different name based
virtual hosts.

It seems that squid doesn't request the apache with the right http host as
send by the client. I can check this on a second IP address with is direct
bound to apache. Using the bypass works, using via squid accl calls the
"main" vhost.

See the config below. When I call one of the "dstdomain" hosts I always get
a request to www.domain.de on apache.

Does anybody now what I doing wrong? Is there somewhere a switch missing to
pass the original hostname?

squid.conf
-------------------------------------------------------------
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined

cache_dir ufs /var/cache/squid 1024 16 256

visible_hostname www.domain.de

http_port 123.123.123.123:80 accel defaultsite=www.domain.de
http_port 123.123.123.123:8080 accel defaultsite=www.domain.de
https_port 123.123.123.123:443 accel defaultsite=www.domain.de
cert=/home/httpd/vhosts/domain.de/ssl/www.domain.de.crt
key=/home/httpd/vhosts/domain.de/ssl/www.domain.de.key

cache_peer 127.0.0.1 parent 80 0 no-query
originserver name=myAccel1 login=PROXYPASS
cache_peer 127.0.0.1 parent 8080 0 no-query
originserver name=myAccel2
cache_peer 127.0.0.1 parent 443 0 no-query
originserver name=myAccel3 ssl sslflags=DONT_VERIFY_PEER

acl our_sites dstdomain www.domain.de
acl our_sites dstdomain sbwc.domain.de
acl our_sites dstdomain dereferer.domain.de
acl our_sites dstdomain images.domain.de
acl our_sites dstdomain .home.domain.de
acl our_sites dstdomain .domain-home.de
acl our_sites dstdomain shop.domain.de
acl out_sites dstdomain stats.domain.de

http_access allow our_sites
http_access deny all

acl port80 myport 80
acl port443 myport 443
acl port8080 myport 8080
acl dir urlpath_regex ^/web

cache_peer_access myAccel1 deny dir
cache_peer_access myAccel1 deny port8080
cache_peer_access myAccel1 deny port443

cache_peer_access myAccel3 deny port8080

cache_peer_access myAccel2 allow port8080
cache_peer_access myAccel2 allow dir
cache_peer_access myAccel2 deny all
-------------------------------------------------------------

Kind regards,

Andreas Müller
Received on Wed Apr 07 2010 - 18:48:51 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 08 2010 - 12:00:03 MDT