[squid-users] Reverse proxy and TUNNEL to same cache peer

Hariharan Sethuraman srnhari at gmail.com
Tue Aug 7 13:04:13 UTC 2018


Hi,

We have our company proxy and this is how the topology is expected to look
like for the deployment:

Client
-------------------squid-host.com---------------------------company-proxy------------Internet

Now I need to allow reverse proxy(3128) for some request from the client
and tunnel (3129) as well.

Configuration:
http_port 3128 accel allow-direct
http_port 3129
never_direct allow all
always_direct deny all
...
cache_peer company-proxy parent 80       0  no-query no-digest login=PASS
originserver
url_rewrite_access allow all
url_rewrite_program  /usr/bin/python ./rewriter_program.py

Usecases:

1) Reverse proxy: Now I can successfully get the response for the query
like curl -X GET http://squid-host.com:3128/microsoftapi/api/something.
Basically I rewrite URL to https://microsft.com/api/something and through
company-proxy I get the response successfully from e.g., microsoft.com.

2) Tunnel: It fails when the client do a query like curl -x
http://squid-host.com:3129 -X GET https://googlecloudapis.com/api/something
< HTTP/1.1 503 Service Unavailable
< Server: squid/3.5.20
< Mime-Version: 1.0
< Date: Tue, 07 Aug 2018 12:36:07 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3879
< X-Squid-Error: ERR_CANNOT_FORWARD 0
< Vary: Accept-Language
< Content-Language: en
<
* The requested URL returned error: 503
* CONNECT phase completed!
* Connection #0 to host squidhostname.com left intact
Now, if I remove the origin server, the TUNNEL goes through and getting the
response but the reverse proxy fails.

Could you let me know how I can handle both tunneling and reverse proxy
through same cache peer?

Thanks,
Hari
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180807/6370a4fb/attachment.html>


More information about the squid-users mailing list