The Squid server is working in accelerator / reverse proxy mode. That is
working. What is not working is the deny_info option. I need that to
work to redirect anyone coming from port 80 to be redirected to an https
address. As far as I can tell the deny_info option didn't change in 2.6.
Here is my config:
http_port 80
https_port 443 cert=/etc/squid/autotask.net-11-07.pem
key=/etc/squid/autotask.net_key-11-07.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=qa3 acl QUERY urlpath_regex
cgi-bin \?
no_cache deny QUERY
acl JS url_regex .js$
no_cache deny JS
acl CSS url_regex .css$
no_cache deny CSS
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server auth_param basic
credentialsttl 2 hours #Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.jpg$ 0 100% 10080
refresh_pattern -i \.gif$ 0 100% 10080
refresh_pattern -i \.png$ 0 100% 10080
refresh_pattern -i \.bmp$ 0 100% 10080
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
127.0.0.0/8 acl CONNECT method CONNECT acl port80 myport 80 acl port443
port 443 acl port563 port 563 acl TheOriginServer dst 192.168.60.40
#Recommended minimum configuration:
# Only allow cachemgr access from localhost http_access allow manager
localhost http_access deny manager http_access allow port563 http_access
allow port443 http_access deny port80 http_access allow TheOriginServer
http_access deny all http_reply_access allow all icp_access allow all
cache_peer 192.168.60.40 parent 80 0 no-query originserver
#2.4 Squid config next 4 lines
#httpd_accel_host 192.168.60.40
#httpd_accel_port 80
#httpd_accel_single_host on
#httpd_accle_with_proxy off
deny_info https://qa3/ port80
coredump_dir /var/spool/squid
visible_hostname qa3
logfile_rotate 9
negative_ttl 0 minutes
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Wednesday, May 16, 2007 8:39 AM
To: Brad Taylor
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] deny_info Question
tis 2007-05-15 klockan 17:59 -0400 skrev Brad Taylor:
> I'm using Squid 2.6 STABLE6 the deny_info function in the below config
> worked in Squid 2.4 but is not working in 2.6 STABLE6. I get this
error
> message when going to http://192.168.60.19 (the squid server):
If you want to be able to use the Squid server as a web server then you
need accelerator / reverse proxy mode.
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
The syntax how to use this is a bit different from earlier releases. See
the release notes. The examples in the FAQ is up to date.
Regards
Henrik
Received on Wed May 16 2007 - 07:47:36 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT