Re: [squid-users] SQUID Reverse Proxy not forwarding requests to Apache web server

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Mon, 2 Jan 2012 13:33:49 -0500

Now, you got me curious.

k.. I would like the reverse proxy to control which server a web request is
1) in case of https, forwarded to a web server box based on path 2)
in case of http, forwarded based on url and/or path.

Please, let me know if this is doable with squid. If so, by all
means, I would like to use squid. If you have an example, I would
greatly appreciate it.

BTW... if 2) could be done with ssl, I would appreciate an example.

Thanks for your help.

On Mon, Jan 2, 2012 at 10:16 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
>>
>> My squid server 3.1.6 sits in dmz.  On this server, I am running
>> apache server 2.2.9.  My goal is to a) cache owa responses b) forward
>> https owa requests to the Apache server on port 8443 c) The Apache
>> server forwards the request to internal exchange server.
>
>
> Why bother with relaying it through Apache? Squid does the job of being a
> proxy better than Apache web server can. Particularly since you already have
> the traffic going through a Squid.
>
>
>>
>> Below, is my squid reverse proxy configuration.  The domain
>> webmail.mydomain.com resolves to the external interface of the
>> exchange server.  However, I am saying, in configuration, that
>> cache_peer is localhost.  Nevertheless, the https request is never
>> forwarded to apache server.  Rather, it is going directly to the
>> external interface of the exchange server.
>>
>> Where am I going wrong here?
>
>
> You have not provided any info about what the client traffic is actually
> requesting and what the Apache server is responding with when squid tries to
> pass the requests there.
>
> You are missing the cache_peer_access rules to limit what traffic goes
> through Apache. So everything will be attempted.
>
> You are missing never_direct rules denying Squid direct contact with the
> requested domain server.
>
>
>>
>> hierarchy_stoplist cgi-bin
>> acl QUERY urlpath_regex cgi-bin
>> shutdown_lifetime 1 second
>> visible_hostname webmail.mydomain.com
>>
>> #1GB disk cache
>> cache_dir ufs /usr/local/squid/var/cache 1024 16 256
>>
>> maximum_object_size 5 MB
>> cache_mem 1024 MB
>> cache_swap_low 90
>> cache_swap_high 95
>> maximum_object_size_in_memory 512 KB
>>
>> cache_replacement_policy heap LFUDA
>> memory_replacement_policy heap LFUDA
>>
>> https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
>> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>>
>> Thanks in advance
>
>
Received on Mon Jan 02 2012 - 18:33:57 MST
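
Added example, not part of either poster's message: the two omissions pointed out in the reply (cache_peer_access and never_direct) applied to the posted configuration, with the peer chosen by domain and path. The peer name owa_apache, the ACL names and the path regex are assumptions; host, ports and certificate paths are those in the original post.

```squidconf
# Added example, not from the thread. "owa_apache", "owa_site" and
# "owa_paths" are hypothetical names; the path regex is an assumption.

# Each directive must sit on a single line in squid.conf.
https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport

# name= labels the peer so cache_peer_access can refer to it.
# DONT_VERIFY_PEER skips certificate validation of the peer; that is
# tolerable only while the peer stays on loopback as it does here.
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS name=owa_apache

# The one site this reverse proxy is meant to serve.
acl owa_site dstdomain webmail.mydomain.com

# Path-based selection (assumed paths; adjust to the published application).
acl owa_paths urlpath_regex -i ^/(owa|exchange|Microsoft-Server-ActiveSync)

# Only requests matching both ACLs are sent to the Apache peer.
cache_peer_access owa_apache allow owa_site owa_paths
cache_peer_access owa_apache deny all

# Never resolve the requested hostname and contact that address directly.
# A request with no permitted peer now fails with an error page instead of
# going to whatever the Host header resolves to.
never_direct allow all

# Refuse requests for any other hostname.
http_access allow owa_site
http_access deny all
```

With never_direct in place, a request that reaches the origin's external interface directly, as described in the original post, shows up as a forwarding error in Squid rather than silently bypassing the peer.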
