Hi all
I'm having trouble getting squid to do what I need.
I'm in a test network within a corporate environment.
What I want is this:
1) squid needs to use the corporate proxy for Internet stuff
2) squid should cache
3) squid should reverse proxy several servers (but for now only one
actually exists) both http and https
4) anything destined for 10.1.102.0/24 needs to not be sent to the
corporate proxy.
5) only the WSUS server is allowed to talk to *.windowsupdate.com
What I get is:
1) Reverse proxying seems to work, except that any attempt to browse a
remote site (i.e. www.microsoft.com) on the host being proxied results
in being redirected to itself.
2) Normal proxying seems to work (note the exception above)
My config file is
---
# Should be obvious
http_port 3128
cache_dir ufs /var/spool/squid 6444 16 256
cache_access_log /var/log/squid/access.log

################################################################################
# Local traffic, is y'know, local
acl acl_whitelist dstdomain .dev.company.com
acl acl_virthost dst 10.1.102.8/29
acl http proto http
acl vdsm port 54321
acl port_80 port 80
acl port_443 port 443
acl CONNECT method CONNECT
http_access allow vdsm acl_virthost
http_access allow http port_80 acl_whitelist
http_access allow CONNECT port_443 acl_whitelist

################################################################################
# Reverse proxy settings
#https_port rhevm.dev.company.com:443 accel defaultsite=https://virtman.dev.company.com vhost
http_port rhevm.dev.company.com:80 accel defaultsite=http://virtman.dev.company.com vhost

# RHEV Manager
cache_peer 10.1.102.34 parent 80 0 no-query originserver name=rhevman
#cache_peer 10.1.102.34 parent 443 0 no-query originserver ssl name=rhevuser
acl acl_rhevm dstdomain virtman.dev.company.com
acl acl_srcrhevm srcdomain virtman.dev.company.com
http_access allow acl_rhevm !acl_srcrhevm
cache_peer_access rhevman allow acl_rhevm
cache_peer_access rhevman deny all
always_direct allow acl_rhevm

################################################################################
# Only the WSUS box can go to the windows update site
acl acl_windowsupdate dstdomain .windowsupdate.com
acl acl_wsus srcdomain wsus.dev.company.com
http_access deny !acl_wsus acl_windowsupdate

################################################################################
# Normal proxy settings
acl acl_intranet src 10.1.102.0/24
http_access allow acl_intranet

################################################################################
# Catch all
http_access deny all
cache_peer proxy.company.com parent 8200 7 no-query
# Never go direct to the internet (use the BlueCoat)
never_direct allow all
---
Any ideas where I'm going wrong?
TIA
CC
--
RHCE#805007969328369
Received on Fri Apr 29 2011 - 05:22:20 MDT