Re: [squid-users] Forcing Header in Reverse Proxy from Roman Gelfand on 2012-01-16 (squid-users)

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Mon, 16 Jan 2012 10:15:36 -0500

I made several mistakes in my original post. So, I am rewriting it here...

I have setup configuration to forward requests to a backend server...

acl mail urlpath_regex ^/mesg
https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport
cache_peer mail.mydomain.com parent 80 0 no-query originserver
name=mail login=PASS
cache_peer_access mail allow mail
cache_peer_access mail deny all
http_access allow mail

The problem is host mail resolves to mesg.mydomain.com instead of
mail.mydomain.com. How can I force the header to be
mesg.mydomain.com?

On Mon, Jan 16, 2012 at 12:25 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 16/01/2012 5:36 p.m., Roman Gelfand wrote:
>>
>> I have setup configuration to forward requests to a backend server...
>>
>> acl dspam urlpath_regex ^/mesg
>> https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost
>> vport
>> cache_peer host.mydomain.com parent 80 0 no-query originserver
>> name=mail login=PASS
>> cache_peer_access mail allow mail
>
>
> You have omitted the definition for "mail". I will assume that it is defined
> right.
>
>> cache_peer_access mail deny all
>> never_direct allow !localnet
>
>
> never_direct is not relevant on reverse-proxy traffic.
>
>> http_access allow !localnet
>
>
> Um, permitting traffic from anywhere *except* LAN? Bit strange. Why not do
> the usual reverse-proxy config of "http_access allow mail"? it makes no
> difference to Squid where the traffic comes from so long as it is valid for
> the peers to receive.
>
>
>
>>
>> The problem is host mail resolves to mesg.mydomain.com instead of
>> mail.mydomain.com. How can I force the header to be
>> mesg.mydomain.com?
>
>
> Its not clear why you need to force anything. Surely the server at
> "host.mydomain.com" has been correctly setup to host all of the FQDN which
> are passed to it?
>
> Note that what the FQDN resolves to should be the Squid IP address. This
> resolution is done only by the client and is completely separate to the
> *textual* FQDN label which remains unchanged when passing through Squid to
> the server. The config demos show it using dstdomain to test the *textual*
> FQDN label for acceptible values instead of resolving the IP or other
> complex things by reason of domain FQDN being the most stable and dependable
> property of the traffic.
>
> Amos
Received on Mon Jan 16 2012 - 15:15:46 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 17 2012 - 12:00:03 MST