What you are missing is a method for Squid to find the backend server
name for your accelerated domains, and thus it loops back on itself. My
recommended setup is to
1. Build Squid with --disable-internal-dns
2. Add your domains to /etc/hosts on the Squid machine, with the IP of
the real web server(s).
3. Configure Squid with
httpd_accel_host your.main.domain
httpd_accel_uses_host_header on
acl myservers dst ip.of.your.server ...[if more than one backend server]
acl http protocol http
acl port80 port 80
acl all src 0.0.0.0/0
http_access allow myservers http port80
http_access deny all
[plus any other directirectives as needed for cache, refresh rules and
so on]
Note: httpd_accel_host virtual is for IP virtual hosts, not domain based
hosts.
And yes, the httpd_accel_host directive is somewhat confusing in how it
works. It is probably a bad name for that directive, but has stayed from
the initial "accelerator" configuration mode where IP or host based
domains was not supported at all.. and which was a big hack to start
with...
-- Henrik Nordstrom Squid hacker Tom Parker wrote: > > Im getting the following error: > > 985178632.022 11 193.133.49.25 TCP_MISS/403 1091 GET http://dev.rooted.net/ > - DIRECT/dev.rooted.net text/html > 985178633.565 46 193.133.49.25 TCP_NEGATIVE_HIT/403 1098 GET > http://dev.rooted.net/ - NONE/- text/html > > Follows is a copy of my configuration: > > http_port 80 > #icp_port 0 > httpd_accel_host hydrogen.rooted.net > httpd_accel_port 80 > #httpd_accel_uses_host_header on > acl all src 0/0 > http_access allow all > > Any ideas? > Im trying to proxy multiple sites *without* using 'httpd_accel_host virtual'. > > Tom ParkerReceived on Fri Mar 23 2001 - 17:10:30 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:50 MST