Re: [squid-users] Newbie question

From: Eric Roby <[email protected]>
Date: Mon, 22 Apr 2002 08:03:13 -0500

Igor,

We are in the process of configuring Squid to (initially) be an accelerator
for our Zope's and tomcat servlet container. One of the Squid configuration
options we opted for is to use Squirm as a redirector for Squid. You can
setup regex rules in squirm (and test their validity ouside Squid) that will
allow you to handle the port/address issues you are talking about (on Zope).
The one thing you MUST do on the Zope server is create a VirtualHostMonster
object in the root of you ZODB. This will allow you to send VirtualHostBase
and VirtualHostPath directives to Zope and the VHM will do the magic with any
objects that use a BASEx, absolute_url etc. It works well for us (except we
had to modify Squirm and re-compile it so it would handle form POST functions
correctly). Ultimately we are setting Squid up to handle SSL for the ZMI and
later this year leverage ICP between Squid and ZEO clientstorages. I don't
know whether IIS has a similar configuration option ... so I can't help you
there.

Some Zope references that might help you ...

www.zope.org/Members/bowerymarc/squid-zserver-virtual
www.zope.org/Members/htrd/howto/squid

Hope This Helps...

Eric

Simon White wrote:

> 22-Apr-02 at 11:26, Igor Leturia (IGOR@emun.com) wrote :
> > Right, but if I make Squid listen to ports 81 and 8080, then I can't
> > bind those ports to Zope and IIS. Besides, even if it was Squid who
> > listened to those ports, it's the clients who have firewalls that block
> > all traffic except on port 80.
>
> Good point. I should drink my coffee before replying to the list (note
> that you should reply to the list too, instead of direct to me).
>
> Well if you have absolute URLs with port references in the pages, you are
> pretty much stuck, because the client will try to access these ports,
> rather than Squid or any other proxy. The only "hack" I can think of is
> for clients accessing your site to manually set the proxy to your
> accelerator on port 80, then all their requests will go to that port and
> Squid will forward the requests correctly, as if it were a proxy. You must
> make sure that the proxy is tightened so that it will only serve requests
> for your site, and not for any others, to avoid it being abused.
>
> If you have a public service which uses ports other than 80, then
> automatically you are faced with this problem... I can't see too many ways
> around it, since you can redirect requests once they get to you, but you
> can't redirect client requests for new connections on ports 81 and 8080
> unless the requests can get to you on that port.
>
> --
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
Received on Mon Apr 22 2002 - 07:03:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:38 MST