Re: [squid-users] An IP with multiple domains

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 22 Feb 2010 18:26:12 +1300

Chyi 1235 wrote:
> thx so much but i nd www3 as i'm using squid to serve as a
> geographical best web surfing experience. as users from different
> region uses different squid proxy. or maybe can u suggest a better
> solution and more economical? in future i may also need to build a
> anti ddos filter at the proxy servers as occasionally the main servers
> being attacked by china users. thx again for your valuable time in
> answering my queation.

You have a couple of choices (in order of simplicity):

  * make the web server aware of the www3 virtual host same as the www
host. (less efficient than the two below, but easier to get going)

  * Using anycast IPs for the site. Serviced from all gateway machines.

  * GeoIP based DNS results.

  * re-writing the URLs in Squid results.

PS: Squid has several anti-DDoS features built in and active by default.
Simply using it will add a large measure of protection.
  Careful tuning of the access controls can provide additional DDoS
resilience.

>
> On Feb 21, 2010, at 5:25 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> Chyi wrote:
>>> How do I setup squid to point to an IP which have multiple domains?
>>> The scenario as follows:
>>> 1. www3.mainsite.com proxied to www.mainsite.com hosted on a
>>> dedicated
>>> ip. (success)
>>> 2. www3.newsite.com proxied to www.newsite.com which hosted on a
>>> shared ip. (failed)
>> I really suggest getting away form that www3 subdomain thing. Squid
>> is designed to work best when the domain can be passed through to
>> the origin server without having to change things.
>>
>> It is by far easier and less complex to maintain when the backend
>> server knows exactly what its providing to the public.
>>
>>
>>> 3. All dns is externally managed at www.everydns.net
>> You are aware of their pending merger and the upcoming alterations?
>>
>>> How do i solve this? Am using acce vhost at the moment and very new
>>> to
>>> linux and squid.
>>> Thanks.
>>> C
>>
>> Setup the squid according to the 'virtual hosting' reverse proxy
>> example here. http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting
>>
>> You need a cache_peer entry per backend server.
>>
>> If one server handles multiple of the domains, just list them all
>> together in the one dstdomain ACL used for that server.
>>
>> If you can drop the www3 alternatives, the above alone is enough to
>> get a strong system running for any website. Otherwise you are stuck
>> with a complex setup, usually involving url-rewriters, which
>> introduce all sorts of limits on what code the website authors can
>> use.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid 3.1.0.16
Received on Mon Feb 22 2010 - 05:26:24 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 22 2010 - 12:00:05 MST