Re: [squid-users] Setting up ACL for Squid as a Web Accelerator

From: Amos Jeffries <[email protected]>
Date: Wed, 14 Nov 2007 23:42:42 +1300

Ed Singleton wrote:
> I'm trying to set up squid as a web accelerator behind apache for a
> couple of slow dynamic sites I have.

Well, first trouble is that accelerators should be in _front_ of the web
server. Apache has perfectly fine caching internally for cachable
content. All the benefit from acceleration comes from taking the load
off before it gets near Apache.

> I have lots of virtual hosts in
> Apache and I want to be able to proxy a couple of them through squid.
>
> In Apache I have this for one of my virtual hosts:
>
> RewriteRule ^/(.*)$
> http://127.0.0.1:3128/http://212.100.249.204:7171/$1 [L,P]
>
> However, when I try to access the address I get this error:
>
> "Access Denied. Access control configuration prevents your request
> from being allowed at this time."
>
> I'm using webmin, and I can't figure out what rules I need to setup in
> order to allow the request. I've even tried having an Allow All rule,
> but that didn't make any difference.
>
> If anyone can give me some pointers I'd be extremely grateful.

Slow:
   client -> Apache

Attempt 1:
   client -> Apache -> Squid -> Apache

now guess how much work Apace is now doing?

better to try this:

client -> Squid2.6 -> Apache

apache config - same as before, just serve on a non-80 port (single
machine setup) or point DNS at the squid server (multi machine setup)

(use a recent 2.6 for accelerating)
squid: (assuming apache is on 1.2.3.4 port 81

   http_port 80 vhost defaultsite=www.example.com
   # www.example.com for broken clients who try to
   # GET without saying which domain.

   cache_peer 1.2.3.4 81 0 no-query no-digest no-netdb-exchange
originserver name=web

   # if you can list the domains accelerated easily
   # you may also want an ACL pre-filtering the domains
   acl accelSites srcdomain www.example.com
   cache_peer_access allow accelSites
   http_access allow accelSites

Amos
Received on Wed Nov 14 2007 - 03:42:40 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST