[squid-users] Change url_rewrite_program problem

Amos Jeffries squid3 at treenet.co.nz
Wed Aug 26 00:24:36 UTC 2015

On 26/08/2015 1:48 a.m., Hicham Berni wrote:
> Hi Eliezer,
> Thank you for the feedback,
>     • Squid version installed is 2.6.STABLE21 and maybe this version is not
> handling these requests correctly?

This setup is very normal and these are the simple bits. So it should
work with your Squid. BUT, 2.6 is the very first version of Squid that
did virtual hosting in the modern way. Some parts have been improved in
the years since the feature was first added. So YMMV a little.

On the other hand 2.6 went EOL way, way, back in May 2008.

It only speaks HTTP/1.0 and a little bit of HTTP/1.1. Most of what
happens in The Internet these days will either break or bypass it.

The TLS/SSL parts of HTTPS are entirely offloaded to your system OpenSSL
library. So any failures there are outside Squid. It could simply be
that the library is trying to speak SSLv2 or some other ancient thing
that the browsers reject.

> setting for cache peer :
> http_port 80 accel defaultsite=add.ptr.lu  vhost
> https_port 443 cert=/root/add.ptr.lu.pem key=/root/add.ptr.lu.key accel
> defaultsite=add.ptr.lu vhost
> cache_peer parent 8000 0 no-query originserver
> front-end-https=on name=ProdAccel
> cache_peer parent 8001 0 no-query originserver name=TestAccel

There is some missing config:

 acl HTTPS proto HTTPS

 cache_peer_access ProdAccel allow HTTPS
 cache_peer_access ProdAccel deny all

 cache_peer_access TestAccel allow !HTTPS
 cache_peer_access TestAccel deny all

That will make the requests go to the right backend server. :-)

>     • From access logs, we do not see any TCP_DENIED log event for the '
> add.ptr.lu' request.
> 2015/06/12 17:11:36| Starting Squid Cache version 2.6.STABLE21 for i686-redhat-linux-gnu...
> 2015/06/12 17:11:36| Process ID 3897
> ...
> 2015/06/12 17:11:36| Accepting accelerated HTTP connections at, port 8000, FD 18.
> 2015/06/12 17:11:36| Accepting proxy HTTP connections at, port 3128, FD 19.
> 2015/06/12 17:11:36| Accepting HTTPS connections at, port 443, FD 20.
> 2015/06/12 17:11:36| Accepting ICP messages at, port 3130, FD 21.
> 2015/06/12 17:11:36| WCCP Disabled.
> 2015/06/12 17:11:36| Configuring Parent
> 2015/06/12 17:11:36| Configuring Parent

That is not the access.log transaction log. That is the cache.log debug
log for critical/important service failures. All that says is that your
Squid is running okay *as a program*.

>     • Port 8000 is the port used for the backend webserver
>     • So I try to access from external, I try https://add.ptr.lu, I
> receive an issue with new url https://add.ptr.lu:8000/register
>     So I supposed that it cannot return with this url

Your Squid is not listening on port 8000. You cannot make requests for
that URL and expect them to go through Squid.

The port 8000/8001 detail is just for the private TCP connection between
Squid and the peers. It is not part of the HTTP(S) messages or URLs.

You need the backend servers to accept and service
http://add.ptr.lu/register. And generate relative-URLs.
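
The final point of the reply above (backends must emit URLs that still work through the proxy), as an added example that is not part of the original post: a Python check that classifies backend `Location` headers the way an outside client would resolve them. The function names and the sample headers are constructed for illustration; only `https://add.ptr.lu:8000/register` comes from the thread, and the default-ports-only assumption is mine.

```python
from urllib.parse import urlsplit

# Assumption: the accelerator serves the public site on default ports only.
PUBLIC_HOST = "add.ptr.lu"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample (request path, backend Location header); only the first
# URL appears in the thread.
SAMPLE = [
    ("/", "https://add.ptr.lu:8000/register"),
    ("/login", "/register"),
    ("/old", "https://add.ptr.lu/register"),
    ("/test", "http://127.0.0.1:8001/register"),
]


def check_location(location, public_host=PUBLIC_HOST):
    """Classify a Location value as an outside client would resolve it."""
    parts = urlsplit(location)
    if not parts.scheme and not parts.netloc:
        return "relative"          # path-only: resolved against the public URL
    try:
        port = parts.port
    except ValueError:
        return "invalid"           # non-numeric or out-of-range port
    if (parts.hostname or "").lower() != public_host.lower():
        return "other-host"        # redirect leaves the published site
    if port is None or port == DEFAULT_PORTS.get(parts.scheme.lower()):
        return "public"            # absolute, but reachable through the proxy
    return "backend-port"          # exposes the private Squid-to-peer port


def audit(responses, public_host=PUBLIC_HOST):
    """Return (path, location, verdict) for redirects that bypass the proxy."""
    findings = []
    for path, location in responses:
        verdict = check_location(location, public_host)
        if verdict not in ("relative", "public"):
            findings.append((path, location, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```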

