Re: [squid-users] Reverse proxy, what to do with requests to it's IP addres? from Amos Jeffries on 2010-09-15 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Sep 2010 01:12:55 +1200

On 16/09/10 00:23, Jordon Bedwell wrote:
> On 09/15/2010 07:20 AM, twinturbo_at_f2s.com wrote:
>> Dear Squidders
>>
>> I am setting up a reverse proxy so we can move from a temporary Apache Reverse
>> proxy.
>>
>> It works fine for all the Domains/Urls Hosted etc..
>>
>> But if I go to the IP of the Proxy I get "URL could not be retrived page" with
>> the proxy details, obvioulsy I would rather nto have this presented to the
>> general public.

The squid error messages can be branded easily nowdays. No need to be
ashamed of them. http://www.squid-cache.org/Versions/langpack/ has
updated and HTML compliant templates with CSS hooks.

Squid version information can be removed leaving only the anonymous text
"squid" http://www.squid-cache.org/Doc/config/httpd_suppress_version_string/

>>
>> I tried squirm rewirting the IP to our default domain, but that did not seem to
>> work. ( squirm does rewrite some other stuff ok though )
>>
>> So.
>>
>> What is the best way to either return a blank page? or is there an easy way to
>> rewrite the request other than in squirm?

Free your mind from the concept of re-writing whenever bad things happen. :)

For requests sent to Squid without a Host: header specifying the domain.
Squid provides the defaultsite= option to your http_port. This will
pretend that the Host: header contains whatever domain is set there,
using it for a Host: header passed to the web servers.

To cleanly redirect a request to your main domain home page change your
terminal "http_access deny all" to this:

   acl bounce src all
   http_access deny bounce
   deny_info 303:http://example.com/ bounce

with example.com being whatever your domain is.

deny_info could also be set to "TCP_RESET" to abandon the clients
request. Leaving them with whatever their browser presents.

If you have the latest squid beta you can do trickier things like
preserving the path or http/https portions. :)
http://wiki.squid-cache.org/Features/CustomErrors

>>
>> Cheers
>>
>> Rob
>
> Add the IP to the ACL and it *should* by theory work though I've never
> actually done it since I redirect before it even hits Squid. After you
> do the previously mentioned you can use Apache or whatever other server
> you so choose to use to redirect to the domain name.

Then you face the problem of what the real web servers do with
http://10.0.0.0/something or whatever the IP is. Most likely you see a
fancy error page saying Host does not exist with the server logo and
server details.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2

Received on Wed Sep 15 2010 - 13:13:00 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 15 2010 - 12:00:03 MDT