Sherif Diaa El-Din - Email wrote:
> I installed ip-filter package on solaris 2.4 and added the rule in ipnat
> rdr le0 0.0.0.0/0 80 -> <localhost> port 3128 tcp
...
> http_port 3128
> icp_port 3130
> httpd_accel virtual 3128
> httpd_accel_with_proxy on
add "httpd_accel_uses_host_header on" here... If a Host: header is
available in the request then it should be used (that's why you applied
the patch in the first place).
> now requests try to contact the httpd server on port 80 on
> localhost, but since there isn't one installed , squid returns
> error message connection refused to the ip of the same solaris
> machine , seems it does not understand that a remote host is
> the one requested
The standard "virtual-support" code in Squid requires that getsockname()
returns the intended destination address. If this is not true for your
"reverse-NAT" package then you have to hack the squid sources somewhat
to get the correct destination IP. I know others have done this for
IP-Filter, but I have not seen any Squid patches.. Anyone using
httpd_accel virtual and ipfilter and willing to share the
implementation?
Until virtual support is available for your NAT package:
* Only 1.0++ browsers (sending Host: header which is a 1.1 feature) can
be supported, since if there is no Host: header, and Squid can't get the
correct destination address from the connection then it is very hard for
Squid to know where to go..
* You need a special page for the users with old browsers, telling them
than they need to upgrade to a new browser (and how to do that). Put
this page (and browser upgrade files) in a special directory on one of
your web servers (http://www.here.com/broserupgrades/... in the
example).
* Recommended squid.conf if httpd_accel virtual can't be supported on
your platform:
httpd_accel oldbrowser 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
A small redirector that redirects oldbrowser to the special page,
allowing them to also download the browser upgrades:
#!/usr/local/bin/perl
$|=1;
$upgradeserver="www.here.com";
$upgradenotice="http://www.here.com/browserupgrades/upgrade.html";
while(<>) {
if ( m%^http://oldbrowser:80/% ) {
if ( m%http://oldbrowser:80/broserupgrades/r% ) {
# Browser upgrades are available from
# http://www.here.com/browserupgrades/...
s%oldbrowser%$upgradeserver%;
next;
} else {
# On all other unknown files, return the upgrade page
s/^[^ ]*/$upgradenotice/;
}
}
} continue {
print;
}
--- Henrik Nordström Sparetime Squid HackerReceived on Mon Mar 23 1998 - 14:37:56 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:26 MST