Re: [squid-users] Reverse proxy with Url path problem from Amos Jeffries on 2011-07-14 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Jul 2011 00:58:29 +1200

On 14/07/11 21:59, Pschittt wrote:
> Hi,
>
> i'd like to use Squid as a reverse proxy, in front of multiple web servers.
>
> When I want to access : http://mywebserver/serv1, i want Squid to be
> able to redirect the url to http://192.168.2.1:2048. and to be
> transparent for the users (the users should not see 192.168.2.1:2048
> but http://mywebserver/serv1).

"redirect" is a bad word to use then. In HTTP terminology it meas the
act of telling the client a new URL to be tried. "pass" would be a
better word for what you want. see the config changes below.

Squid is supposed to be transparent for both uses and the server, thus
the /serv is left on the URL and 192.168.2.1:2048 should never be added
into it when things are working well.

The best thing to do is make the server handle the /serv1 prefix
cleanly. That way it will be able to generate URLs properly for the
client in its public replies.

The giant workaround hack if you really, really have no other choice is
to use a url_rewrite_program to map the received URL to a different one
sent to the server. Then cross your fingers and pray that the server
never generates any absolute, canonical or relative format URL embedded
anywhere the clients can see or make use of.

>
> I used an acl urlpath_regex to filter, but i don't get to make it
> fully functionnal.
>
> I get this:
> http://mywebserver/serv1 --> http://192.168.2.1:2048/serv1 instead of
> http://192.168.2.1:2048/
>
> Thanks for your help.
>
> Here is my conf file :
> http_port 80

http_port 80 accel vhost defaultsite=mywebserver.example.com

NP: defaultsite=mywebserver.example.com provides the public domain name
to assume when the client fails to send one properly.

> acl serv1 urlpath_regex ^/serv1
> acl all src

acl all src all

or in Squid-3.x remove completely.

> cache_peer 192.168.2.1 parent 2048 0 no-query originserver name=server1
> cache_peer_access server1 allow serv1
> cache_peer_access server1 deny all
> http_access allow all

Remove that "allow all" again.

Use:
acl mywebsite dstdomain mywebserver.example.com
http_access allow mywebsite

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.9

Received on Thu Jul 14 2011 - 12:58:40 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 14 2011 - 12:00:02 MDT