[squid-users] Squid 3.2, reverse proxy, deny_info http/https redirect problems.

From: Cliff Hill <chill_at_darkhelm.org>
Date: Wed, 21 Mar 2012 16:20:30 -0700

I'm hoping someone can help me here. I'm a bit stumped. I recently
upgraded my Squid 3.1 to Squid 3.2.0.16, because I am attempting to be
able to have deny_info with the new URL formatting for my reverse
proxy configurations so that I can pass whatever someone uses with
http:// to be transformed automatically into https://.

Anyway, here's the problem I'm having -- after building and deploying
my squid 3.2 server successfully, I no longer am getting a redirect
performed at all on my browsers. Without changing the relevant
components of my squid.conf file from how they worked in 3.1, they
just aren't working in 3.2 at all.

Here are some details -- squid.conf contains the following:

> http_port 80 accel defaultsite=darkhelm.org
> ...
> cache_peer 10.18.75.1 parent 80 0 no-query originserver login=PASS name=xlorep
> acl sites_xlorep url_regex ^https://xlorep\.darkhelm\.org
> cache_peer_access xlorep allow sites_xlorep
> http_access allow sites_xlorep
> acl http_xlorep url_regex ^http://xlorep\.darkhelm\.org
> http_access deny http_xlorep
> deny_info https://xlorep.darkhelm.org http_xlorep
> ...

My build configuration is this:

> env build_alias=i686-linux-gnu \
>     CFLAGS="-g -O2 -g -Wall -O2" \
>     LDFLAGS= \
>     CPPFLAGS= \
>     CXXFLAGS="-g -O2 -g -Wall -O2" \
> ./configure \
> --build=i686-linux-gnu \
> --prefix=/usr \
> --includedir=/usr/include \
> --mandir=/usr/share/man \
> --infodir=/usr/share/info \
> --localstatedir=/var \
> --libexecdir=/usr/lib/squid3 \
> --disable-maintainer-mode \
> --disable-silent-rules \
> --srcdir=. \
> --datadir=/usr/share/squid3 \
> --sysconfdir=/etc/squid3 \
> --with-cppunit-basedir=/usr \
> --enable-optimizations \
> --enable-inline \
> --enable-async-io=8 \
> --enable-storeio=ufs,aufs,diskd \
> --enable-removal-policies=lru,heap \
> --enable-delay-pools \
> --enable-cache-digests \
> --enable-underscores \
> --enable-icap-client \
> --enable-follow-x-forwarded-for \
> --enable-auth \
> --enable-auth-basic \
> --enable-auth-ntlm \
> --enable-auth-digest \
> --enable-auth-negotiate \
> --enable-external-acl-helpers=ext_file_userip_acl,ext_ldap_group_acl,ext_session_acl,ext_unix_group_acl,ext_wbinfo_group_acl \
> --enable-arp-acl \
> --enable-esi \
> --disable-translation \
> --disable-devpoll \
> --with-logdir=/var/log/squid3 \
> --with-pidfile=/var/run/squid3.pid \
> --with-filedescriptors=65536 \
> --with-large-files \
> --with-default-user=proxy \
> --enable-ssl \
> --enable-linux-netfilter \
> --disable-ipv6

I'm running this all on a Debian Squeeze server.

When I telnet to the squid server, and make a get request for
http://xlorep.darkhelm.org, I get the following:

> root@morsh:/etc/squid3# telnet localhost 3128
> Trying ::1...
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> GET http://xlorep.darkhelm.org
> HTTP/1.1 302 Moved Temporarily
> Server: squid/3.2.0.16
> Mime-Version: 1.0
> Date: Wed, 21 Mar 2012 23:14:25 GMT
> Content-Type: text/html
> Content-Length: 0
> Location: https://xlorep.darkhelm.org
> X-Squid-Error: 403 Access Denied
> X-Cache: MISS from morsh
> X-Cache-Lookup: NONE from morsh:80
> Via: 1.1 morsh (squid/3.2.0.16)
> Connection: close
>
>
> Connection closed by foreign host.

which appears to me to be what I need it to be, a redirect request
that sends me to the corrected address.

However, whenever I try to go there with a web browser, it just hangs,
and never actually gets redirected.

Right now, I just want it to simply redirect http:// to https:// for
my cache_peers. Can anyone help me?

"I'm not responcabel fer my comuter's spleling errnors" - Xlorep DarkHelm
Website: http://darkhelm.org
Received on Wed Mar 21 2012 - 23:20:57 MDT
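
An added example, not part of the original post: a small Python check that parses the redirect response shown in the telnet session above and reports whether it is a clean HTTP-to-HTTPS upgrade (3xx status, https Location, same host, path and query preserved). The function names are hypothetical, and the sample response is copied from the post with some headers omitted.

```python
from urllib.parse import urlsplit

# Response head from the post's telnet session (some headers omitted).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Server: squid/3.2.0.16\r\n"
    "Content-Length: 0\r\n"
    "Location: https://xlorep.darkhelm.org\r\n"
    "X-Squid-Error: 403 Access Denied\r\n"
    "Connection: close\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_https_upgrade(request_url, raw_response):
    """Return a list of findings; an empty list means a clean HTTP->HTTPS upgrade."""
    status, headers = parse_response(raw_response)
    req = urlsplit(request_url)
    findings = []
    if status not in (301, 302, 303, 307, 308):
        findings.append(f"status {status} is not a redirect")
    location = headers.get("location")
    if not location:
        return findings + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        findings.append(f"Location scheme is {loc.scheme!r}, not https")
    # A redirect to a different host than the one requested deserves a closer look.
    if (loc.hostname or "").lower() != (req.hostname or "").lower():
        findings.append(f"Location host {loc.hostname!r} differs from requested host")
    # A static deny_info URL sends every request to the same place, dropping the path.
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        findings.append("path/query of the original request is not preserved")
    return findings

if __name__ == "__main__":
    for url in ("http://xlorep.darkhelm.org", "http://xlorep.darkhelm.org/wiki/page?x=1"):
        print(url, "->", check_https_upgrade(url, SAMPLE_RESPONSE) or "ok")
```

Run against the response from the post, the bare-host request passes, while a request carrying a path is flagged because the fixed Location value discards it.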
