Re: Help in configuring & FreeBSD problem solution...

From: Anthony DeBoer <[email protected]>
Date: 2 Jun 1997 15:58:12 -0000

Helio Coelho Jr. <helio@compuland.com.br> writes:
> How can I define in squid.conf that all the requests for my domain to
> be handled direct ? Even if I set an access list, squid tries to retrieve.
> I'm using .htacess files in some directories, so they can only be reached
> by some ip addresses.
> The http log files shows that my proxy is always tring to retrieve, so
> apache always return access denied...

That's exactly it; the browser PC connects to the Squid server, which in
turn connects to your webserver. The webserver therefore sees all
connections as coming from the Squid server. There are a few possible
solutions.

Solution A is to persuade the browser to always connect directly to your
webserver. Using Netscape as an example, there's a "No proxy for" field
in the options area; if you enter "compuland.com.br" there, then all
queries for webservers in your domain will be attempted directly rather
than through the Squid proxy. How you'd do this (or even if it's
possible) varies from one browser to another, and even between Netscape
releases. This can be more complicated if you have a webserver in your
domain in front of a firewall, and have to use the proxy to get to it,
but you could enter the full name of your internal server in this box.

Solution B is to handle your access restrictions through ACL rules in
your Squid configuration. The webserver would be told to accept
connections from the Squid server, and the Squid server would have to
decide, based on the browser IP number, which users get to see pages from
your restricted server.

Solution C would be to use the HTTP password mechanism rather than basing
security on IP numbers. Neither is really strong security, but the
password mechanism is IMHO more flexible.

-- 
Anthony DeBoer <adb@geac.com>                    #include <std.disclaimer>
Received on Mon Jun 02 1997 - 10:13:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:21 MST