Re: [squid-users] url rewrite problem

From: Amos Jeffries <[email protected]>
Date: Wed, 03 Oct 2007 01:11:55 +1300

Srinivas B wrote:
> Hi All,
>
> is there any way I can redirect urls that are replaced by accelerated mode.
>
> I have something like
>
> http_port 8080 accel defaultsite=mysite.com
>
> Requests are replaced by host=mysite.com.
>
> I want to redirect some url based on original request (depending upon
> hostname). I have tried vhost option.., but doesn't seem to solve the
> problem, as hostname requested externally is not defined in internal
> DNS.

FQDN should be resolvable regardless of where you are. Websites should
always use FQDN. You need to seriously consider allowing the local
network to resolve your FQDN then. Particulary the webservers that are
supposed to be serving those websites publicly.

Anyway, to get accel going without involving DNS you only need to use a
cache_peer with a few ACLs to do the heavy lifting.

So long as its just a re-direction and not a re-writing that you want,
the following should be much easier and faster.

Here's a few of my config lines:

    # an internal source machine...
  cache_peer colo-32.localdomain parent 80 0 originserver name=colo1
    # domain it runs...
  acl colo1Hosted dstdomain .mifrenz.com
    # it ONLY provides that domain...
  cache_peer_access colo1 allow colo1Hosted GETPOST
  cache_peer_access colo1 deny all
    # people are allowed to do general web stuff with it...
  http_access allow colo1Hosted GETPOST
    # squid is not allowed to do anything with this domain itself...
  never_direct allow colo1Hosted

   cache_peer rio.treenetnz.com parent 80 0 originserver name=rio
   acl rioHosted dstdomain .treenet.co.nz
   acl rioHosted dstdomain .treenetnz.com
   cache_peer_access rio allow rioHosted GETPOST
   cache_peer_access rio deny all
   http_access allow rioHosted GETPOST
   never_direct allow rioHosted

etc, etc, repeat as needed for any unique sources.

You can use any of the ACL criteria to switch origins based on anything
you like.

FYI some names like colo-1 are not resolvable to the public. It does not
matter. As long as the name squid is given as the peer can be resolved
by squid, and the host server understands the names of domains its meant
to be hosting. The only DNS involved here is resolving
colo-32.localdomain and rio.treenetnz.com when squid needs them.

Placed ahead of the regular http_access rules it works well forcing all
accelerated/locally-hosted domain MISS'es out to the designated real
source, and blocking any general traffic being passed to the hosting
servers. Without the additional overhead of redirector threads.

'vhost' will do basic 'accel' and also alter the original Host: header
of the request as it goes through squid.

Amos
Received on Tue Oct 02 2007 - 06:12:02 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:00 MDT