> -----Original Message-----
> From: Discussion Lists [mailto:discussions@lagraphico.com]
> Sent: Friday, January 14, 2005 8:59 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Redirecting internal sites problem
>
>
> All,
> I have squid set up to reverse-proxy a bunch of our internal websites to
> the Internet. I have listed all of the ones I want reverse-proxied in
> the httpd_accel_host line and everything seems to work great. Squid
> however, is reverse-proxying a host that I don't want it to, and I think
> it is because that host is available through DNS. Here are the rest of
> the options I specified:
>
> Httpd_accl_port 80
> Httpd_accel_single_host off
> Httpd_accel_with_proxy on
> Httpd_accel_uses_host_header on
>
> Since the servers have non-routable IP's, Squid is using our internal
> DNS servers (split DNS) to resolve the internal IP's to the external
> names). It is entirely likely that I bungled something above. Could
> any of you help me?
>
> Thanks!
It looks to me like you need some acls preventing your proxy from being used
as an open relay. Something along the lines of:
acl accel_hosts dstdomain "/path/to/text/file"
http_access allow accel_hosts
http_access deny all
The text file mentioned would list the hosts that you wish to accelerate,
one per line.
I have never set up a reverse-proxy, so it's very likely these acls are
incorrect, or non-optimal for this situation...
Chris
Received on Fri Jan 14 2005 - 12:20:11 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST