HPE Community
Operating System - Linux
1819872 Members
2737 Online
109607 Solutions
New Discussion юеВ

squid configuration

 
SOLVED
Go to solution
K.C. Chan
Trusted Contributor

тАО03-04-2004 12:38 PM

тАО03-04-2004 12:38 PM

squid configuration

all,
I have squid running w/one back end webserver. However, I want to use squid to proxy two back end webserver. So far I found out you have to set the following:
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Then restarted squid, but when accessing web site through squid server, I get acl access denied error. How do I config the acl rule so that any web traffic which come through this squid server gets directed to the back end web server. Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
9 REPLIES 9
Alexander Chuzhoy
Honored Contributor

тАО03-04-2004 06:53 PM

тАО03-04-2004 06:53 PM

Solution

Re: squid configuration

add a line for destination web servers:
example
acl web1 dst x.x.x.x/255.255.255.255

acl web2 dst x.x.x.x/255.255.255.255

acl world src 0.0.0.0/0.0.0.0

http_access allow world web1
http_access allow world web2

this should allow whole world's access to 2 specific addresses...

Don't forget to deny all unwanted traffic...
Reply
K.C. Chan
Trusted Contributor

тАО03-05-2004 07:55 AM

тАО03-05-2004 07:55 AM

Re: squid configuration

Alexander,
hmm looks good but how does squid distinguish what back end server should it be directing the traffic to, since http_accel_host is set to virtual? Is there some sort of maping it keeps to forward traffic to the backend server? Thanks.

Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
K.C. Chan
Trusted Contributor

тАО03-05-2004 09:09 AM

тАО03-05-2004 09:09 AM

Re: squid configuration

By the way the squid version is: squid-2.4.STABLE6-6.7.3
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО03-06-2004 06:24 PM

тАО03-06-2004 06:24 PM

Re: squid configuration

If you give httpd_accel_host one IP, it will send all requests there. If
you give it 'virtual' it will look the host up in DNS and send the request
there. 'virtual' pretty much requres a local DNS



You can also use webmin utility (web based)- to configure squid (as well as many other services)...
Reply
K.C. Chan
Trusted Contributor

тАО03-07-2004 03:46 AM

тАО03-07-2004 03:46 AM

Re: squid configuration

I am getting this error:
The following error was encountered:

Unable to determine IP address from host name for 10.10.10.40

The dnsserver returned:

Name Error: The domain name does not exist.

This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.

the ip dot 40 is my squid, the internal dns resolved the backend web server correctly. What cause this error and how can I fix it. Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
K.C. Chan
Trusted Contributor

тАО03-07-2004 04:11 AM

тАО03-07-2004 04:11 AM

Re: squid configuration

forgot to set "httpd_accel_single_host off". After settting it to off and restart squid, then access url, now I am getting this error:
While trying to retrieve the URL: http://10.10.10.40/xxxx/index.jsp

The following error was encountered:

* Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
checked log file, I got this:
TCP_NEGATIVE_HIT/403 1098 GET http://10.10.10.40/xxxx/index.jsp - NONE/- text/html

the ip "10.10.10.40" is the squid server, it should have been the ip of web1, which is "10.10.10.139", any idea?
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО03-07-2004 04:22 AM

тАО03-07-2004 04:22 AM

Re: squid configuration

So the DNS server problem still exists?

Looks like the Proxy server is trying to locate the URL on itself.What happends if you type a FQDN in URL instead of IP?
0 Kudos
Reply
K.C. Chan
Trusted Contributor

тАО03-07-2004 05:03 AM

тАО03-07-2004 05:03 AM

Re: squid configuration

all, thanks for your help. I got it to work for the most part. It didn't work because I goofed, I forgot to set "httpd_accel_uses_host_header on".

on another note, I have a host abc.com which pub dns resloves to the squid server and I also have who.com which is set up in my pub dns and also resolves to squid server. But who.com is not resolvable by other dns yet. So I want to use abc.com, but here's the problem. Let say internal resolution of abc.com resolves to 10.10.10.45(doesn't serve up any web app) and who.com resolves to 10.10.10.48 (which is serves up web3). Is it possible to rewrite usrl http://abc.com/index.jsp to http://who.com/index.jsp before squid proxy it, so that it routes to proper web server. Does squid have this functionality? Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
Peeyush
Regular Advisor

тАО03-12-2004 10:21 AM

тАО03-12-2004 10:21 AM

Re: squid configuration

iam not good in iptable but hope this will worl

iptables -t mangle -A gforward -p tcp --dport 80 -d 10.10.10.45 -j MARK --set-mark 1
iptables -t nat -A gforward -p tcp --dport 80 -d 10.10.10.45 -j DNAT --to-destination 10.10.10.48:80
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

regards
peeyush
http://geocities.com/peeyush_maurya/
any suggestion for my site.. http://geocities.com/peeyush_maurya/
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.