[squid-users] Configuring squid reverse proxy

joseph jose joevypana at gmail.com
Wed Aug 12 13:16:39 UTC 2015


Thanks for the quick reply. Actually, those lines are not commented out, and
the ACL name is corrected.

The browser is on the proxy machine (10.0.0.1), whose hosts file points
testsquid.com to 10.0.0.1 itself.

Squid, which is in reverse mode and listens on port 80 on 10.0.0.1, is grabbing
each request, but returning TCP_DENIED/403 for testsquid.com instead of
returning the webserver's static index file.

As you suggested, I have one browser machine, a Win7 machine, on which I edited
the hosts file and set testsquid.com to 10.0.0.1 (the proxy machine's IP).

But the behaviour remains the same.
Below is my actual squid config:

acl PURGE method purge
acl SSL_ports port 443 445 448 563 1024-65535
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl local_addresses dst "/usr/local/squid/etc/local_addresses.conf"
acl allowsquid dstdomain testsquid.com
httpd_suppress_version_string on
cache allow all
cache_effective_user nobody
cache_effective_group nobody
cache_log /usr/local/squid/var/logs/cache.1.100.log
cache_store_log none
half_closed_clients off
hierarchy_stoplist $ cgi ? & ; .asp .shtml localhost
http_access allow manager localhost
http_access allow allowsquid
http_access allow manager cachemgr
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny CONNECT local_addresses
http_access allow purge localhost
http_access allow purge cachemgr
http_access deny purge
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
log_icp_queries off
maximum_object_size 0 KB
maximum_object_size_in_memory 0 KB
request_header_max_size 64 KB
reply_header_max_size 64 KB
strip_query_terms off
uri_whitespace encode
visible_hostname squidproxy
icp_access allow all
http_port 10.0.0.1:80 accel defaultsite=testsquid.com
cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest
cache_peer_access squidtest allow allowsquid
cache_peer_access squidtest deny all
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

Is there anything faulty in my config?

Regards,

Joseph

On Wed, Aug 12, 2015 at 6:22 PM, Antony Stone <Antony.Stone at squid.open.source.it> wrote:

> On Wednesday 12 August 2015 at 14:38:55, joseph jose wrote:
>
> > Hi,
> >
> > I have set up squid in reverse proxy mode to cache an apache webserver
> > hosted in linux vm.
> >
> > IP of my squid reverse proxy is 10.0.0.1 and 10.0.0.2 is the ip of
> > webserver which is also a linux vm
>
> Your squid server has only one interface and IP address?
>
> > my config is as follows
> >
> > #acl squidallow dstdomain testsquid.com
> > #
> > #
> > #http_port 10.0.0.1:80 accel defaultsite=testsquid.com
> > #
> > #
> > #cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest
> > #cache_peer_access squidtest allow allowsquid
>
> I sincerely hope you don't mean that these directives are all commented out,
> thus not having any effect?
>
> Even if they're not commented out, do you see the discrepancy between
> "squidallow" in the first line and "allowsquid" in the last?
>
> > In the squid proxy machine i have edited the host file and set
> > testsquid.com 10.0.0.1 (which is the ip of proxy machine itself), as proxy
> > is configured in reverse mode, it is supposed to serve the static page
> > from webserver (10.0.0.2).
>
> What's more important than /etc/hosts on the squid server is what machine you
> are running the browser on, and what does *that* machine resolve testsquid.com
> to?
>
> > But when i open browser and search for testsquid.com, squid is logging
> > request but returning a TCP_DENIED/403 status.
>
> Sounds like the browser is successfully seeing testsquid.com as 10.0.0.1,
> then, however you should be careful about trying to run tests like this on too
> few machines - you should have the browser on one machine, squid on a second,
> and the web server on a third (no matter whether any of these are real
> machines or VMs).
>
>
> Regards,
>
>
> Antony.
>
> --
> Users don't know what they want until they see what they get.
>
> Please reply to the list; please *don't* CC me.
>
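
Added example (not part of the original thread and not Squid's own code): a small Python check that automates the comparison made by eye in the quoted reply, ACL names referenced in access rules but never defined ("squidallow" vs "allowsquid"). It goes slightly beyond the thread by also flagging rules placed after a catch-all `all` rule in the same list, which first-match evaluation never reaches. The sample config is constructed from the directives quoted above; the built-in ACL set and case-insensitive name matching are assumptions.

```python
# Directives of the form "<directive> [peer] allow|deny acl ..."; value = tokens before the action.
ACCESS = {"http_access": 0, "http_reply_access": 0, "icp_access": 0,
          "cache": 0, "cache_peer_access": 1}
# Assumption: ACLs predefined by Squid 3.2 and later; pass your own set otherwise.
BUILTIN = {"all", "manager", "localhost", "to_localhost"}

def lint(conf, builtin=BUILTIN):
    defined, used = {}, set()            # lower-cased name -> name as written
    undefined, unreachable, closed = [], [], {}
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            # Assumption: Squid looks ACL names up case-insensitively.
            defined.setdefault(tok[1].lower(), tok[1])
            continue
        if tok[0] not in ACCESS:
            continue
        skip = ACCESS[tok[0]]
        key = tuple(tok[:1 + skip])      # each cache_peer has its own rule list
        acls = tok[2 + skip:]
        if key in closed:                # first match wins: this line is never evaluated
            unreachable.append((no, closed[key]))
        for name in (a.lstrip("!").lower() for a in acls):
            used.add(name)
            if name not in defined and name not in builtin:
                undefined.append((no, name))   # also catches use before definition
        if [a.lower() for a in acls] == ["all"]:
            closed.setdefault(key, no)
    unused = sorted(v for k, v in defined.items() if k not in used)
    return {"undefined": undefined, "unused": unused, "unreachable": unreachable}

# Constructed sample: the directives quoted in the thread, uncommented, plus one
# extra acl and three http_access lines to exercise the ordering check.
SAMPLE = """\
acl squidallow dstdomain testsquid.com
acl Safe_ports port 80
http_port 10.0.0.1:80 accel defaultsite=testsquid.com
cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest
cache_peer_access squidtest allow allowsquid
cache_peer_access squidtest deny all
http_access allow all
http_access deny !Safe_ports
http_access deny all
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Each `undefined` entry is (line, ACL name) and each `unreachable` entry is (line, line of the catch-all that shadows it); run it against a real squid.conf by passing the file's text to `lint()`.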