[squid-users] Squid going through another forward proxy
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 14 06:35:02 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 14/11/2014 6:22 p.m., Hector Chan wrote:
> Hi Amos,
>
>> those lines you specify above go in (C). *if* they are needed at
>> all.
>
> But I don't have control over (C). It's off limits.
Then you have to trust that the admin in charge of it set it up right.
>
>> In (B) goes:
>>
>> cache_peer forward-proxy.example.com parent 3128 0 name=C
>>
>> acl sendToC dstdomain origin-x.example.com origin-y.example.com
> origin-z.example.com
>> cache_peer_access C sendToC
>
> The requests reaching (B) (reverse-proxy.example.com) are in the
> form: http://reverse-proxy.example.com/goto-origin-x
> http://reverse-proxy.example.com/goto-origin-y
> http://reverse-proxy.example.com/goto-origin-z
>
> and I have a couple of cache_peer_access acls (urlpath regex) to
> send them to origin-x, origin-y, and origin-z. How would the above
> dstdomain acl work with these rules?
You have now stopped using HTTP and started using some strange
URL-embeded protocol.
An HTTP proxy cannot help you there. You require a proxy that
understands and acts on the URL-embeded protocol messages.
It is possible to extend Squid with URL-rewrite helpers that can
translate it into different HTTP URL for passing to (C). BUT, there is
no guarantee of what origin (C) will use to fetch that resource. You
have to *trust* that (C) uses the origin best suited to any request
that it is given, according to the criteria its own admin has set for
"best".
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUZaKVAAoJELJo5wb/XPRjdpQH/iBh1HQcAZQr0gqK7FS8nZ9x
v0fzAOx/L0HCG5MTT7drwvvEVltxMRYoVniM8VJSqUw3cFAlI+2VEScIr3oOFjcr
qAdjxyjer7sxVgmQM80Oa+n40RK7mvZejvhEV9/0Gc0XTmAjL3PrBptKpumslhVh
rq40LUX50rg5xaAfA02WCy4mYS99uH7qBABWIXeeESVdvGLVRTaTlthqaKW8JTFh
pjmS9OKVnk5CeEi6cyJ8VV7edBOgv2rpgUH8Wjap66mmIjVHq8alNU53obRAMk7p
Pd/bPfPFERnoBymbYmYfFBd3Mfddgc49Wpz9gggAWgXE8bq6CbXQHpj5GvUayaE=
=mS+q
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list