[squid-users] Squid going through another forward proxy

Hector Chan hectorchan at gmail.com
Sat Nov 22 00:15:51 UTC 2014 

Hi Amos,

For the following cache_peer:

> cache_peer forward-proxy.example.com parent 3128 0 name=C

Would squid do the proper HTTP CONNECT before forwarding the request there ?

Thanks,
Hector

On Thu, Nov 13, 2014 at 10:35 PM, Amos Jeffries <squid3 at treenet.co.nz>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 14/11/2014 6:22 p.m., Hector Chan wrote:
> > Hi Amos,
> >
> >> those lines you specify above go in (C). *if* they are needed at
> >> all.
> >
> > But I don't have control over (C).  It's off limits.
>
> Then you have to trust that the admin in charge of it set it up right.
>
> >
> >> In (B) goes:
> >>
> >> cache_peer forward-proxy.example.com parent 3128 0 name=C
> >>
> >> acl sendToC dstdomain origin-x.example.com origin-y.example.com
> > origin-z.example.com
> >> cache_peer_access C sendToC
> >
> > The requests reaching (B) (reverse-proxy.example.com) are in the
> > form: http://reverse-proxy.example.com/goto-origin-x
> > http://reverse-proxy.example.com/goto-origin-y
> > http://reverse-proxy.example.com/goto-origin-z
> >
> > and I have a couple of cache_peer_access acls (urlpath regex) to
> > send them to origin-x, origin-y, and origin-z.  How would the above
> > dstdomain acl work with these rules?
>
> You have now stopped using HTTP and started using some strange
> URL-embeded protocol.
>
> An HTTP proxy cannot help you there. You require a proxy that
> understands and acts on the URL-embeded protocol messages.
>
> It is possible to extend Squid with URL-rewrite helpers that can
> translate it into different HTTP URL for passing to (C). BUT, there is
> no guarantee of what origin (C) will use to fetch that resource. You
> have to *trust* that (C) uses the origin best suited to any request
> that it is given, according to the criteria its own admin has set for
> "best".
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUZaKVAAoJELJo5wb/XPRjdpQH/iBh1HQcAZQr0gqK7FS8nZ9x
> v0fzAOx/L0HCG5MTT7drwvvEVltxMRYoVniM8VJSqUw3cFAlI+2VEScIr3oOFjcr
> qAdjxyjer7sxVgmQM80Oa+n40RK7mvZejvhEV9/0Gc0XTmAjL3PrBptKpumslhVh
> rq40LUX50rg5xaAfA02WCy4mYS99uH7qBABWIXeeESVdvGLVRTaTlthqaKW8JTFh
> pjmS9OKVnk5CeEi6cyJ8VV7edBOgv2rpgUH8Wjap66mmIjVHq8alNU53obRAMk7p
> Pd/bPfPFERnoBymbYmYfFBd3Mfddgc49Wpz9gggAWgXE8bq6CbXQHpj5GvUayaE=
> =mS+q
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141121/b4be3edf/attachment.html>

More information about the squid-users mailing list