Re: [squid-users] Help with accelerated site

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 28 Mar 2010 23:12:36 +0000

On Sun, 28 Mar 2010 23:37:38 +0100, "Adam_at_Gmail" <adbasque_at_googlemail.com>
wrote:
> Hi Ron thanks again for your reply
> No I think you're a little confused here
> I have one network at the moment and is the 192.168.1.0
>
> My Router and proxy are both on the same machine which is 192.168.1.4
> My backend server is on 192.168.1.3
> Two different machines but on the same network
>
> However if I use this
>
> http_port 80 accel vhost defaultsite=www.mysite.org
> cache_peer 192.168.1.3 parent 81 originserver name=whatever
> But the probleme is elsewhere because if I use
> http_port 3128 vhost I can access my website both from inside my network
> and
> from the internet
> If I use
> http_port 3128 without the vhost my network clients can access the
> "Internet" but I can't access my websites (backend server)
> This is the situation right now.

Right. Okay. STOP touching the reverse-proxy parts of the config.
You have them working.

 "http_port 3128" should stay with no other special flags.

In the config you posted earlier you had these lines:

 acl localnet src 10.0.0.0/8
 acl localnet src 172.16.0.0/12
 acl our_network 192.168.1.0/24
 
 http_access allow manager localhost
 http_access deny manager
 
 http_access allow localnet
 http_access deny all
 
 http_access allow our_network
 http_access deny all

If you read them top to bottom the way Squid reads them you will clearly
see that you have a "deny all" right in the middle. This does exactly what
it says denies ALL access to things which are not permitted above it.

You need to remove the "our_network" ACL completely and adjust the
"localnet" ACL as per the default config instructions so that it only
specifies your internal LAN IP address range(s).

Amos
Received on Sun Mar 28 2010 - 23:12:42 MDT

This archive was generated by hypermail 2.2.0 : Mon Mar 29 2010 - 12:00:06 MDT