On 01/05/11 15:41, Gary K wrote:
> Hi Amos,
>
> Thank you for your reply!
> Any method when received http go to squid cache, when received https
> redirect to web server directly?
>
Multiple concepts clash in your statement...
"squid cache" -> storage component of Squid
"redirect" -> HTTP 301, 302, 303 or 307 message
"web server direct" -> use global DNS to locate web service
The config I gave you earlier prevents Squid proxy using Squid cache
component to service the HTTPS requests.
Reverse proxy HTTPS can redirect to web server HTTP with:
acl HTTPS proto HTTPS
deny_info http://example.com/ HTTPS
http_access deny HTTPS
Making Squid reverse proxy go direct to web servers instead of using
cache_peer is unsafe. Normal reverse proxy configuration has cache_peer
entires to pass the requests to web servers without using global DNS.
Reading between the lines I suspect you mean passing HTTP traffic to
Squid and HTTPS not to Squid?
Reverse proxy has gobal DNS pointing a whole domain at Squid IP. You can:
(at DNS level) configure with a different domain
(ie http://www.example.com/ and https://ssl.example.com/)
OR
(at packet level) forward/route port 443 from Squid box to the web
server box instead of configuring squid https_port.
OR
(at service level) have Squid listening on port 80 and web server on
port 443 on the Squid box.
Any of this helpful?
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1Received on Sun May 01 2011 - 04:09:42 MDT
This archive was generated by hypermail 2.2.0 : Sun May 01 2011 - 12:00:05 MDT