[squid-users] Reverse proxy with HTTPS
Amos Jeffries
squid3 at treenet.co.nz
Fri Mar 3 16:06:58 UTC 2017
On 4/03/2017 4:58 a.m., sothy shan wrote:
> I changed the configuration
> ++++++++++++++++++++++++++++++++++++
> http_port 192.168.1.69:80 accel defaultsite=www.AAAAA.com
> cache_peer 192.168.1.31 parent 80 0 no-query originserver
>
>
> http_access allow all
> ++++++++++++++++++++++++++++++++++++++++++
> It worked well now for HTTP reverse proxy.
"allow all" is *BAD*. Your server just delivered successful relayed
responses when I asked it for google.com, example.com and some other
domains which do not belong to you.
It is an open-proxy, not a reverse-proxy.
You should know what domains your system is serving and keep the
dstdomain ACL to allow only that traffic through the proxy.
My point earlier was that you need to choose your method of configuring
the Squid ports. Either use the -a command option, or http_port. Do not
use both for the same port number.
I suggest removing the -a use, since it cannot be used to configure
reverse-proxy port options.
Amos
More information about the squid-users
mailing list