Re: [squid-users] Reverse proxy and redirect program

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 27 Feb 2003 17:01:16 +0100

Seems your redirector did not rewrite the URL.

Quick chec... nope. If given http://squid.xyz.com/james/ your redirector
gives the exact same URL back..

[to tired to look into your perl program to tell why, but at least you
know where to look]

Regards
Henrik

tor 2003-02-27 klockan 16.59 skrev Jack:
> Hello Henrik,
>
> My access.log shows
>
> 1046356085.237 2 172.16.1.111 TCP_MISS/403 1022 GET
> http://squid.xyz.com/james/ - NONE/- -
> 1046356085.239 9 172.16.1.135 TCP_MISS/403 1051 GET
> http://squid.xyz.com/james/ - DIRECT/172.16.1.111 text/html
>
> Here 172.16.1.111 is reverse proxy ip address(squid.xyz.com resolves to this
> ip address) and 172.16.1.135 is clients ip address.
>
> My access.log
> 2003/02/27 19:58:05| WARNING: Forwarding loop detected for:
> GET /james/ HTTP/1.0^M
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/msword,
> application/vnd.ms-excel, */*^M
> Accept-Language: en-us^M
> Accept-Encoding: gzip, deflate^M
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)^M
> Via: 1.1 squid:80 (Squid/2.4.STABLE7)^M
> X-Forwarded-For: 172.16.1.135^M
> Host: squid.xyz.com^M
> Cache-Control: max-age=259200^M
> Connection: keep-alive^M
>
> My exact requirement is i want to run running reverse proxy for domino web
> server.
>
> Regards,
> Jack
>
>
>
>
>
> > tor 2003-02-27 klockan 11.27 skrev Jack:
> >
> > > if squid receives squid.xyz.com/jack/ then it should redirect to
> 172.16.1.10
> > > web server and for squid.xyz.com/james it should redirect to 172.16.1.11
> > >
> > > So redir.pl looks like
> > >
> > > #!/usr/bin/perl -p
> > > BEGIN { $|=1;}
> > > s%http://squid.xyz.com/jack/\b%http://172.16.1.10/test/% && next;
> > > s%http://squid.xyz.com/james/\b%http://172.16.1.11% && next;
> > >
> > > When i try this setup i get access denied page from squid
> >
> > What do you get in access.log?
> >
> > Anything in cache.log?
> >
> > > even though i set
> > > http_access allow all
> >
> > don't. doing so will create an open proxy for which is is only a matter
> > of minutes before it gets abused by various hackers..
> >
> >
> > Accelerators SHOULD ALWAYS set up access control limit which
> > destinations is allowed to be reached.
> >
> > --
> > Henrik Nordstrom <hno@squid-cache.org>
> > MARA Systems AB, Sweden
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Thu Feb 27 2003 - 09:01:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST