Re: [squid-users] Reverse proxy and redirect program

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 28 Feb 2003 17:05:53 +0100

This script does not work at all... exits immediately on the first
requests...

if return is replaced by print and the -p is taken away from the command
line it works much better..

Note: You can very easily test you perl script by just running it from
the command line and then type the URL you want to test followed by a
space and some character.. (actually Squid sends many fields after the
URL, but it does not matter for this test)

Regards
Henrik

fre 2003-02-28 klockan 15.57 skrev Jack:
> Hello Henrik,
>
> My configuration requirement is when user authenticate against domino web
> server it will sent new url
> http://squid.xyz.com/mail.xyz.com/mail/user.nsf back to the external user
> browser. That is returned as a request to
> squid.xyz.com. The trick is to get webmail use internal (private) DNS and to
> make this an http request, such as http:/mail.xyz.com/mail/user.nsf. So i
> used below perl script to url rewrite.
>
> #!/usr/bin/perl -p
> BEGIN { $|=1;}
> while ($url = <>) {
> @list = split("/", $url);
> $newurl="http:/";
> for($i=3;$i<@list;$i++) {
> $newurl=$newurl."/".$list[$i];
> }
> return "$newurl";
> }
>
> but it gets into loop my access log shows
> 1046356085.237 2 172.16.1.111 TCP_MISS/403 1022 GET
> http://squid.xyz.com/mail.xyz.com/mail/user.nsf - NONE/- -
> 1046356085.239 9 172.16.1.135 TCP_MISS/403 1051
> Ghetto://squid.xyz.com/mail.xyz.com/mail/user.nsf - DIRECT/172.16.1.111
> text/html
>
> Here 172.16.1.111 is ip address of squid server and 172.16.1.135 is client
> ip address
>
> For testing
> i used tried to browse some page directly as
> http://squid.xyz.com/172.16.1.10/mail/
>
> This should return http://172.16.1.10/mail index page but again it gives
> same error.
>
> I am not able to solve this problem. Is my perl script correct and do i need
> something in squid.conf
>
> Adv thanks and Regards,
> Jack
>
>
>
> > Seems your redirector did not rewrite the URL.
> >
> > Quick chec... nope. If given http://squid.xyz.com/james/ your redirector
> > gives the exact same URL back..
> >
> > [to tired to look into your perl program to tell why, but at least you
> > know where to look]
> >
> > Regards
> > Henrik
> >
> >
> > tor 2003-02-27 klockan 16.59 skrev Jack:
> > > Hello Henrik,
> > >
> > > My access.log shows
> > >
> > > 1046356085.237 2 172.16.1.111 TCP_MISS/403 1022 GET
> > > http://squid.xyz.com/james/ - NONE/- -
> > > 1046356085.239 9 172.16.1.135 TCP_MISS/403 1051 GET
> > > http://squid.xyz.com/james/ - DIRECT/172.16.1.111 text/html
> > >
> > > Here 172.16.1.111 is reverse proxy ip address(squid.xyz.com resolves to
> this
> > > ip address) and 172.16.1.135 is clients ip address.
> > >
> > > My access.log
> > > 2003/02/27 19:58:05| WARNING: Forwarding loop detected for:
> > > GET /james/ HTTP/1.0^M
> > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> > > application/msword,
> > > application/vnd.ms-excel, */*^M
> > > Accept-Language: en-us^M
> > > Accept-Encoding: gzip, deflate^M
> > > User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)^M
> > > Via: 1.1 squid:80 (Squid/2.4.STABLE7)^M
> > > X-Forwarded-For: 172.16.1.135^M
> > > Host: squid.xyz.com^M
> > > Cache-Control: max-age=259200^M
> > > Connection: keep-alive^M
> > >
> > > My exact requirement is i want to run running reverse proxy for domino
> web
> > > server.
> > >
> > > Regards,
> > > Jack
> > >
> > >
> > >
> > >
> > >
> > > > tor 2003-02-27 klockan 11.27 skrev Jack:
> > > >
> > > > > if squid receives squid.xyz.com/jack/ then it should redirect to
> > > 172.16.1.10
> > > > > web server and for squid.xyz.com/james it should redirect to
> 172.16.1.11
> > > > >
> > > > > So redir.pl looks like
> > > > >
> > > > > #!/usr/bin/perl -p
> > > > > BEGIN { $|=1;}
> > > > > s%http://squid.xyz.com/jack/\b%http://172.16.1.10/test/% && next;
> > > > > s%http://squid.xyz.com/james/\b%http://172.16.1.11% && next;
> > > > >
> > > > > When i try this setup i get access denied page from squid
> > > >
> > > > What do you get in access.log?
> > > >
> > > > Anything in cache.log?
> > > >
> > > > > even though i set
> > > > > http_access allow all
> > > >
> > > > don't. doing so will create an open proxy for which is is only a
> matter
> > > > of minutes before it gets abused by various hackers..
> > > >
> > > >
> > > > Accelerators SHOULD ALWAYS set up access control limit which
> > > > destinations is allowed to be reached.
> > > >
> > > > --
> > > > Henrik Nordstrom <hno@squid-cache.org>
> > > > MARA Systems AB, Sweden
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Everything you'll ever need on one web page
> > > from News and Sport to Email and Music Charts
> > > http://uk.my.yahoo.com
> > --
> > Henrik Nordstrom <hno@squid-cache.org>
> > MARA Systems AB, Sweden
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Fri Feb 28 2003 - 09:06:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST