Having an issue with an inherited install of squid 2.7 running on Windows,
acting as a reverse proxy to an IIS box with multiple sites on it. The squid is
in our DMZ (pokes for 8085 and 8086 are in place), IIS is internal. The problem
I'm seeing is that squid is returning the content on port 8085 irrelevant of
whether I'm coming in on 8085 or 8086. I've spent a full day reading up on
squid and searching around for more info, and have come up with squat. Any
suggestions on what I've done wrong (probably with the cache_peer) would be
welcome! So, thanks in advance for helping out!
squid.conf is below.
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
#NETWORK
http_port 8085 transparent
http_port 8086 transparent
#Cache_MEM
memory_replacement_policy lru
cache_mem 512 MB
maximum_object_size_in_memory 4096 kb
#Cache_DISK
memory_replacement_policy lru
cache_dir ufs c:/squid/var/cache 512 16 256
maximum_object_size 8192 KB
#Cache tuning"ignore-no-cache" ignores the no cache header from AutoUpdate
refresh_pattern . 90 100% 180 reload-into-ims ignore-no-cache
#refresh_pattern . 90 100% 180 ignore-reload
#LOGGING
cache_store_log none
cache_log c:/squid/var/logs/cachelog.txt
access_log c:/squid/var/logs/access.txt squid
#ADMINISTRATIVE
#visible_hostname <ipaddress of squid system> <FQDN alias> <short name>
visible_hostname SQUID.INTERNAL.IP SQUID.EXTERNAL.HOSTNAME
SQUID.WINDOWS.HOSTNAME
unique_hostname SQUID.WINDOWS.HOSTNAME
#OPTIONS FOR AUTHENTICATION
acl all src 0.0.0.0/0.0.0.0
acl protocol proto HTTP
acl safe_ports port 8085
acl safe_ports port 8086
acl getonly method GET
http_access allow all
#Neighbor select Algorithm
#cache_peer <address of IIS system> <type> <listening port> <icp_port> no-query
originserver name=Accesslist
cache_peer IIS.SERVER.IP parent 8085 0 no-query originserver name=MyAccessList
cache_peer IIS.SERVER.IP parent 8086 0 no-query originserver name=MyAccessList2
cache_peer_access MyAccessList allow all
cache_peer_access MyAccessList2 allow all
cache_peer_access MyAccessList deny !protocol
cache_peer_access MyAccessList2 deny !protocol
cache_peer_access MyAccessList deny !safe_ports
cache_peer_access MyAccessList2 deny !safe_ports
cache_peer_access MyAccessList deny !getonly
cache_peer_access MyAccessList2 deny !getonly
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Received on Tue Sep 28 2010 - 19:15:24 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 29 2010 - 12:00:04 MDT