[squid-users] Re: re[squid-users] verse proxy headache

From: caifeng <[email protected]>
Date: Tue, 29 Apr 2008 00:00:04 -0700 (PDT)

Raymond Hall-2 wrote:
>
> Hi there,
>
> I've succesfully configured squid as reverse proxy, and it's been
> running fine for 2 months now.
> I even got it to sort diferent urls to different servers according to
> dstdomain and url-regexp rules.
> Now, I just added a new domain to proxy and the answer I get is this:
>
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.laaficion.com/
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any
> parent caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> The configuration is a bit odd, since I'm running some apache and IIS
> servers on different machines on port 80, and also an apache server on
> the same machine on port 81. The problem I'm getting is with one of
> these domains in port 81, however I had succesfully proxied a
> different domain on port 81 before (ACL RIOS)
>
> My squid.conf is this:
>
> http_port 80 vhost
> hierarchy_stoplist cgi-bin
> acl QUERY urlpath_regex cgi-bin
> no_cache deny QUERY
> acl KEEPALIVE url_regex keepalive.htm
> no_cache deny KEEPALIVE
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access allow localhost
> http_reply_access allow all
> icp_access allow all
> coredump_dir /var/spool/squid
>
> #log in apache format
> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
> access_log /var/log/squid/access-combi.log combined
>
> cache_peer 192.168.1.172 parent 80 0 no-query originserver
> acl WPUsers url_regex www.milenio.com/wp-login
> www.milenio.com/wp-admin www.milenio.com/servicios
> cache_peer_access 192.168.1.172 allow WPUsers
> cache_peer_access 192.168.1.172 deny all
>
> cache_peer 192.168.1.142 parent 81 0 no-query originserver
> acl NEWMILsites url_regex www.milenio.com/anuario
>
> cache_peer 192.168.1.171 parent 80 0 no-query originserver
> acl IISsites dstdomain www.milenio.com vip74.205.91.141
> cache_peer_access 192.168.1.171 allow IISsites
> cache_peer_access 192.168.1.171 deny all
>
> acl RIOS dstdomain .riosdetinta.com .riosdetinta.com.mx RIOS
> acl AFICION dstdomain .laaficion.com
> cache_peer_access 192.168.1.142 allow NEWMILsites RIOS AFICION
> cache_peer_access 192.168.1.142 deny all
>
> http_access allow WPUsers
> http_access allow RIOS
> http_access allow AFICION
> http_access allow NEWMILsites
> http_access allow IISsites
> http_access deny all
>
> cache_mem 1 GB
> max_filedesc 16384
> maximum_object_size 8192 KB
> cache_dir ufs /var/spool/squid 1024 64 256
> collapsed_forwarding on
>
>
> The new domain and corresponding ACL is: .laaficion.com and ACL AFICION
>
> I'd appreciate any pointers to what's wrong with this config.
>
> Thanks in advance,
> Raymond Hall
> --
> I'd rather have an inch of a dog than miles of pedigree.
>
> Dana Burnet
>
>

when using squid2.6, in order to have you squidserver work properly, adding
following line to your config file:
always_direct allow ACL_NAME

i'am not native english speaker,sorry for ugly expression *^-^*

-- 
View this message in context: http://www.nabble.com/reverse-proxy-headache-tp15026084p16953709.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue Apr 29 2008 - 07:00:08 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT