On Fri, Oct 23, 1998 at 03:34:31PM -0400, Sergey Gribov wrote:
>
> Hi,
>
> I have a question regarding the support of virtual Web servers...
> I have the following configuration:
> Some virtual host Web servers on computer behind the firewall and
> I would like to install squid on bastion host to work as a 'pipe'
> to these Web servers, but as I understand the only option to handle
> different hostnames in squid is to have a separate IPs, is it correct?
> My problem is, that I can't put too many IPs on the bastion host and I
> don't want to open direct access to the Web server.
- Enable virtual and Host: based acceleration in order to be
able to use Squid as a transparent proxy without breaking
either virtual servers or clients not sending Host: header
the order of the virtual and Host: based acceleration needs
to be swapped, giving Host: a higher precedence than virtual
host (Henrik Nordstrom).
Hmm... looking in etc/squid.conf I find:
# TAG: httpd_accel_uses_host_header on|off
# HTTP/1.1 requests include a Host: header which is basically the
# hostname from the URL. Squid can be an accelerator for
# different HTTP servers by looking at this header. However,
# Squid does NOT check the value of the Host header, so it opens
# a big security hole. We recommend that this option remain
# disabled unless you are sure of what you are doing.
#
# However, you will need to enable this option if you run Squid
# as a transparent proxy. Otherwise, virtual servers which
# require the Host: header will not be properly cached.
#httpd_accel_uses_host_header off
Things that spring into my mind:
- Use squid as a transparent proxy
- Put all the websites in /etc/hosts with their internal IPs (you DO have
a 192.168 or 172.16-31 or 10.bla net, don't you?)
Greetz, Peter.
--
'I guess anybody who walks away from a root shell at a nerd party gets what they deserve!' -- BillSF
Peter van Dijk : peter@attic.vuurwerk.nl
finger peter@jamaica.xs4all.nl for my public PGP-key

Received on Fri Oct 23 1998 - 15:35:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:46 MST
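
The squid.conf comment quoted in the message says Squid does not check the value of the Host: header when it is used for acceleration. As an added example (not part of the original post and not Squid's code), this is the check a Host:-routed accelerator needs before forwarding: route only names it publishes, through a fixed table of internal addresses like the /etc/hosts entries suggested above. All hostnames, addresses and function names are constructed for illustration.

```python
# Added example: Host-header allow-list for a reverse proxy (accelerator).
# All hostnames and addresses below are constructed for illustration.

# Published virtual hosts -> internal origin, the role /etc/hosts plays above.
ORIGINS = {
    "www.example.com": ("192.168.1.10", 80),
    "shop.example.com": ("192.168.1.11", 80),
}
DEFAULT_SITE = "www.example.com"   # served to clients that send no Host:


def normalize_host(value):
    """Lower-case a Host: value, drop the port and trailing dot; None if malformed."""
    host = value.strip().lower()
    if not host or any(c in host for c in " \t/@\\[]"):
        return None                # whitespace, userinfo, paths, IPv6 literals
    name, sep, port = host.partition(":")
    if sep and not (port.isdigit() and 0 < int(port) < 65536):
        return None
    return name.rstrip(".") or None


def select_origin(headers):
    """Return (ip, port) of the internal server to forward to, or None to refuse."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if not hosts:
        return ORIGINS[DEFAULT_SITE]   # old client without Host:
    if len(hosts) > 1:
        return None                    # ambiguous request, refuse
    name = normalize_host(hosts[0])
    # Only names we publish are routed; the header is never resolved via DNS.
    return ORIGINS.get(name)


if __name__ == "__main__":
    samples = [  # constructed requests
        [("Host", "shop.example.com")],
        [("Host", "WWW.Example.COM.:80")],
        [],
        [("Host", "intranet.corp.local")],
        [("Host", "10.0.0.5:22")],
    ]
    for hdrs in samples:
        print(hdrs, "->", select_origin(hdrs))
```

A `None` result means the request is refused instead of forwarded, so a Host: value naming some other machine behind the firewall never reaches it.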