Re: [squid-users] RE: EXTERNAL: [squid-users] NEWBIE Q: httpd_accel_single_host?

From: AJ Weber <aweber_at_comcast.net>
Date: Thu, 12 Aug 2010 08:31:40 -0400

Maybe it's because I used a FQDN instead of IP Address in my cache_peer
entry?

I'll double-check my cache_peer_access rules ASAP.

Thanks,
AJ

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: <squid-users_at_squid-cache.org>
Sent: Wednesday, August 11, 2010 11:17 PM
Subject: Re: [squid-users] RE: EXTERNAL: [squid-users] NEWBIE Q:
httpd_accel_single_host?

> On Wed, 11 Aug 2010 15:05:32 -0400, "AJ Weber" <aweber_at_comcast.net> wrote:
>> Sorry it's taken me so long to test this out (a week...).
>>
>> I have it working with some very preliminary tests, but I had to add the
>> "allow-direct" to the http_port line in addition to the example on the Wiki
>> for the BasicAccelerator.
>>
>> Is this correct? Is my config "special" and/or does this depend on the
>> web/appserver being connected to, or should this be added to the wiki (i.e.
>> documentation error)?
>>
>> Is allow-direct just a security thing, or am I somehow disabling some of the
>> Squid goodness?
>
> It's a security thing. DIRECT access is blocked for reverse-proxy to
> prevent Host: header games (CVE-2009-0801) and remove the need for DNS
> resolution delays. It also helps prevent Squid from DNS-resolving itself as
> the destination host of the domain and looping.
>
> The basic config example contains a cache_peer line pointing specifically
> at the back-end website host. With cache_peer_access rules using a
> dstdomain ACL to allow only that host's domains. Those lines should be
> routing the relevant requests to that host without needing DIRECT access or
> DNS in any way.
>
> Amos
>
>> ----- Original Message -----
>> From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> To: <squid-users_at_squid-cache.org>
>> Sent: Wednesday, August 04, 2010 7:55 PM
>> Subject: Re: [squid-users] RE: EXTERNAL: [squid-users] NEWBIE Q:
>> httpd_accel_single_host?
>>
>>
>>>> -----Original Message-----
>>>> From: AJ Weber [mailto:aweber_at_comcast.net]
>>>> Sent: Wednesday, August 04, 2010 2:07 PM
>>>> To: squid-users_at_squid-cache.org
>>>> Subject: EXTERNAL: [squid-users] NEWBIE Q: httpd_accel_single_host?
>>>>
>>>> Does anyone have any config examples, tips or FAQ about simulating the "old"
>>>> (pre 2.6, at least) single-host acceleration (i.e. as was done with the
>>>> directive in the subject)?
>>>>
>>>> I have Duane Wessels' O'Reilly book here, and am trying to build a very
>>>> specific server accelerator for across a slow, WAN link, but just for a
>>>> single back-end host. (Chapter 15, pg 307, if you're now following-along
>>>> ;) )
>>>>
>>>
>>> On Wed, 04 Aug 2010 16:53:50 -0400, "Bucci, David G"
>>> <david.g.bucci_at_lmco.com> wrote:
>>>> I'm a novice (and maybe I shouldn't speak out of turn), but I wonder why
>>>> you can't simply do standard reverse proxying, e.g., name your proxy
>>>> server "original.org" in DNS, rename your slow web server "backend.org",
>>>> and do a simple accel config:
>>>>
>>>
>>> Indeed. Reverse-proxy is what we call it nowadays.
>>>
>>> The updated version of that single-host option (pg *308*) can be found
>>> here:
>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>>
>>> Chapter 15, pg 307 was about the multiple-host options AFAICT.
>>> That can be found here:
>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
>>>
>>> Amos
>>>
>
Received on Thu Aug 12 2010 - 12:31:46 MDT
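
The check below is an added example, not code from this thread or from the Squid project. It audits a reverse-proxy squid.conf for the two conditions discussed above: an accel http_port carrying allow-direct, and an originserver cache_peer whose cache_peer_access rules do not restrict it to a dstdomain ACL and end in "deny all". The directive names are Squid's own; the audit() helper, the hostnames and the peer name are constructed for illustration, and the parser is a simple line-based one that ignores include files.

```python
# Constructed sample configs; hostnames and the peer name are placeholders.
WEAK = """\
http_port 80 accel defaultsite=www.example.com allow-direct
cache_peer backend.example.com parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.example.com
http_access allow our_sites
"""

HARDENED = """\
http_port 80 accel defaultsite=www.example.com
cache_peer backend.example.com parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain www.example.com
http_access allow our_sites
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
"""


def audit(conf):
    """Return findings for a reverse-proxy squid.conf given as a string."""
    acl_type, peers, rules, findings = {}, [], {}, []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        d, args = tok[0], tok[1:]
        if d == "acl" and len(args) >= 2:
            acl_type[args[0]] = args[1]
        elif d == "http_port" and "accel" in args and "allow-direct" in args:
            findings.append(f"line {n}: accel port allows DIRECT (allow-direct)")
        elif d == "cache_peer" and "originserver" in args:
            # Peer is addressed by name= if present, else by its hostname.
            peers.append(next((a[5:] for a in args if a.startswith("name=")), args[0]))
        elif d == "cache_peer_access" and len(args) >= 3:
            rules.setdefault(args[0], []).append((args[1], args[2:]))
    for peer in peers:
        peer_rules = rules.get(peer, [])
        if not any(act == "allow" and any(acl_type.get(a.lstrip("!")) == "dstdomain" for a in acls)
                   for act, acls in peer_rules):
            findings.append(f"peer {peer}: no cache_peer_access allow on a dstdomain ACL")
        if not peer_rules or peer_rules[-1] != ("deny", ["all"]):
            findings.append(f"peer {peer}: cache_peer_access list does not end in 'deny all'")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```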
