[squid-users] How to set up a reverse proxy using squid for a simplified scenario?

Peng Yu pengyu.ut at gmail.com
Mon Feb 12 11:40:20 UTC 2018


It is still not difficult to completely comprehend the squid document
to see how to modify the example at derpturkey.com for my following
scenario.

I have a bunch of forward proxy servers whose IPs are ip1 and ip2,
..., ip_n (using port 3128). The reverse proxy will use the
round-robin policy to forward each incoming request to one of these
forward proxies.

Do you mind giving me a minimal working configuration for my scenario?
Working means that the configure must be used directly without
modification (except domain names or IP addresses). Minimal means that
anything not relevant to my scenario should not be included in the
configuration.

BTW, to make sure make sure my understanding of forward proxy is
correct, could you confirm whether the proxies here are forward
proxies?

https://free-proxy-list.net/

On Sat, Feb 10, 2018 at 12:09 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 11/02/18 06:33, Peng Yu wrote:
>> Hi,
>>
>> I see the following blog about setting up a reverse proxy using squid.
>>
>> http://derpturkey.com/squid-as-a-reverse-proxy/
>>
>> But there seem to be more configurations than what I need.
>>
>> For example, for the following line, I don't need to restrict the
>> access to a specific domain.
>> http_port 80 accel defaultsite=www.example.com
>
> The above does not *restrict*. It sets a default value for Squid to use
> when the Host header is missing from HTTP requests.
>
>
>>
>> Instead, any access to the IP of the reverse proxy should be OK. In
>> this sense, should I just use the following?
>>
>> http_port 80 accel
>
> You can if you want to. But be aware that any clients which omit the
> Host header in their requests will be rejected by the proxy with an
> error page.
>
>
>>
>> Also, let's say I have two web servers server1 and server2 to be
>> proxied. Since I don't use a domain, I am not sure how Step 3 should
>> be adjusted.
>
> By using other types of ACLs in an arrangement which meets your desired
> mapping.
>
> Please read the FAQ about how ACLs work. That includes a list of
> different ACLs.
> <http://wiki.squid-cache.org/SquidFaq/SquidAcl>
>
>
> So far as you have stated that would be "cache_peer ... allow all".
>
> Which is a very bad idea...
>
> Be aware that the domain based config is itself a security layer to
> prevent attackers and certain type of DoS reaching through the proxy to
> attack the peers directly with bogus traffic. Using other types of ACLs,
> particularly ones leading to "no restriction" like you describe make
> your proxy and the origins all at risk for denial of service attacks.
>
>
> What is your reason for wanting "no restrictions"?
>  it could be that you actually need something very different to what you
> are asking about.
>
>
>>
>> I also do not want any restrictions to my reverse proxy. But I am not
>> sure how Step 4 should be simplified.
>>
>> Could anybody please let me know how to configure squid reverse proxy
>> in my simplified scenario?
>
> That tutorial is describing the simplest scenario possible with a
> multiple peers in a reverse-proxy.
>
> Yours is actually the more complicated scenario since you apparently
> need some unusual ACL configuration.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



-- 
Regards,
Peng


More information about the squid-users mailing list