Re: [squid-users] Simple port 80 squid reverse-proxy question

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 03 Apr 2006 23:10:58 -0800

Discussion Lists wrote:

>All,
>I set up a reverse proxy using squid 3.0. It works fine actually, but I
>wanted to run the config by you all to be sure I wasn't missing anything
>important. In particular, I am worried about commenting out the
>http_access deny all. I added an "allow all" setting, but I was
>wondering if there was a better way, and also if I am doing the below
>stuff correctly as well. Here's my setup:
>
>Outsideworld ---> Squid --->webserver
>
>-I am doing normal http port 80 reverse-proxying.
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl allowed_hosts src 10.0.5.0/255.255.255.0
>
> http_access deny manager all
> http_access allow allowed_hosts
># http_access deny all
>
> icp_access allow allowed_hosts
> icp_access deny all
>
> cache_dir ufs /usr/local/squid/var/cache 100 16 256
> cache_effective_user nobody
> cache_effective_group nobody
> visible_hostname Linux
>
>always_direct allow all
>http_port 192.168.1.79:80 defaultsite=www.test.in
>http_access allow all
>
>
Two things... First, Squid 3 is not release ready. It might catch your
hair on fire. Second, with that setup, (I think) you are running an
open proxy. Probably not what you want. Add another acl, like...

acl accelerated_host dst ip.of.webserver/32

...change the http_access line to read...

http_access allow accelerated_host

...uncomment the http_access deny all, and remove the http_access allow
all, and you will be in much better shape.

Chris
Received on Tue Apr 04 2006 - 01:11:20 MDT
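
Added example (not part of the original post or of the reply above): a minimal Python model of Squid's first-match http_access evaluation, run over the posted rules and over the rules as changed per the reply. All request addresses and the web server address 192.0.2.10 are constructed placeholders; only the src, dst and proto ACL types are modelled, and the destination is assumed to be already resolved to an IP.

```python
import ipaddress

# Constructed inputs: ORIGINAL holds the posted ACL lines; FIXED applies the
# reply's changes. 192.0.2.10 is a placeholder for the web server's address.
ORIGINAL = """
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allowed_hosts src 10.0.5.0/255.255.255.0
http_access deny manager all
http_access allow allowed_hosts
# http_access deny all
http_access allow all
"""
FIXED = """
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl accelerated_host dst 192.0.2.10/32
http_access deny manager all
http_access allow accelerated_host
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: (type, value)}, [(action, [acl_names])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    """Model of src/dst/proto only; req carries the already-resolved dst IP."""
    kind, value = acl
    if kind == "proto":
        return req["proto"] == value
    return ipaddress.ip_address(req[kind]) in ipaddress.ip_network(value, strict=False)

def http_access(conf, req):
    """First rule whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], req) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

With the posted rules, a request from an outside client for an unrelated destination falls through to "http_access allow all" and is allowed; with the changed rules the same request reaches "http_access deny all".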
