[squid-users] How to set up a reverse proxy using squid for a simplified scenario?

Amos Jeffries squid3 at treenet.co.nz
Sat Feb 10 18:09:25 UTC 2018


On 11/02/18 06:33, Peng Yu wrote:
> Hi,
> 
> I see the following blog about setting up a reverse proxy using squid.
> 
> http://derpturkey.com/squid-as-a-reverse-proxy/
> 
> But there seem to be more configurations than what I need.
> 
> For example, for the following line, I don't need to restrict the
> access to a specific domain.
> http_port 80 accel defaultsite=www.example.com

The above does not *restrict*. It sets a default value for Squid to use
when the Host header is missing from HTTP requests.


> 
> Instead, any access to the IP of the reverse proxy should be OK. In
> this sense, should I just use the following?
> 
> http_port 80 accel

You can if you want to. But be aware that any clients which omit the
Host header in their requests will be rejected by the proxy with an
error page.


> 
> Also, let's say I have two web servers server1 and server2 to be
> proxied. Since I don't use a domain, I am not sure how Step 3 should
> be adjusted.

By using other types of ACLs in an arrangement which meets your desired
mapping.

Please read the FAQ about how ACLs work. That includes a list of
different ACLs.
<http://wiki.squid-cache.org/SquidFaq/SquidAcl>


So far as you have stated that would be "cache_peer ... allow all".

Which is a very bad idea...

Be aware that the domain based config is itself a security layer to
prevent attackers and certain type of DoS reaching through the proxy to
attack the peers directly with bogus traffic. Using other types of ACLs,
particularly ones leading to "no restriction" like you describe make
your proxy and the origins all at risk for denial of service attacks.


What is your reason for wanting "no restrictions"?
 it could be that you actually need something very different to what you
are asking about.


> 
> I also do not want any restrictions to my reverse proxy. But I am not
> sure how Step 4 should be simplified.
> 
> Could anybody please let me know how to configure squid reverse proxy
> in my simplified scenario?

That tutorial is describing the simplest scenario possible with a
multiple peers in a reverse-proxy.

Yours is actually the more complicated scenario since you apparently
need some unusual ACL configuration.


Amos


More information about the squid-users mailing list