Re: [squid-users] RE: reverse proxy problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 26 May 2009 16:05:40 +1200 (NZST)

>
>
> Hello,
>
>
> I have build squid reverse proxy, for an web application called topdesk..
>
> At first I get starting page but when I login I get some error's
>
> Can some one please help and tell me what is going wrong ??
>
> See log and config files below:
>
> Squid is version squid-2.7.STABLE6 is running on windows 2003 server.
>
>
> With kind regards,
>
>
> Bas van Den dikkenberg
>
>
>
> The log file:
>
> 1243256982.937 0 84.245.31.147 TCP_MEM_HIT/200 3089 GET
> https://extranet.dikkenberg.net/tas/css/login.css? - NONE/- text/css
> 1243256983.015 0 84.245.31.147 TCP_MEM_HIT/200 5305 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/logo-prof-4.gif -
> NONE/- image/gif
> 1243256983.015 0 84.245.31.147 TCP_MEM_HIT/200 5100 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/login.jpg? - NONE/-
> image/jpeg
> 1243256983.031 0 84.245.31.147 TCP_MEM_HIT/200 529 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/loginbar.gif - NONE/-
> image/gif
> 1243256983.171 0 84.245.31.147 TCP_MEM_HIT/200 5731 GET
> https://extranet.dikkenberg.net/favicon.ico - NONE/- -
> 1243256989.031 16 84.245.31.147 TCP_MISS/302 342 POST
> https://extranet.dikkenberg.net/tas/secure/j_security_check;jsessionid=7zzBU3-8Cqw1-erXS02
> - FIRST_UP_PARENT/q-services -
> 1243258530.734 16 84.245.31.147 TCP_MISS/302 380 GET
> https://extranet.dikkenberg.net/tas/secure/j_security_check;jsessionid=7zzBU3-8Cqw1-erXS02
> - FIRST_UP_PARENT/q-services -
>

None of these are errors. They are successful HITS or IMS requests.
Any error that is occuring amid those requests is likely to be a browser
failure to handle a URL so it never gets passed to Squid.

>
> My config looks like this:
>
> http_port 80 accel defaultsite=extranet.quaere.nl vhost
> https_port 443 accel defaultsite=extranet.dikkenberg.net vhost
> cert=C:/squid/etc/extranet.dikkenberg.net.crt
> key=C:/squid/etc/extranet.dikkenberg.net.key
> defaultsite=extranet.dikkenberg.net
>
>
> forwarded_for on
>
>
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> cache_peer 192.168.0.55 parent 80 0 no-query no-digest originserver
> name=q-services login=PASS
> acl sites_q-services dstdomain extranet.quaere.nl extranet.dikkenberg.net
> acl our_sites2 dstdomain extranet.quaere.nl extranet.dikkenberg.net
> cache_peer_access q-services allow sites_q-services

Missing:
  http_access allow sites_q-services

>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
>

... ah here it is, but with a different name.
You may as well merge the two ACLs sites_q-services and our_sites2 into
one name. They are identical.

> http_access allow our_sites2
> http_access allow manager all
> http_access allow manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
>
>
>
> access_log c:/squid/var/logs/access.log squid
> cache_mgr support_at_quaere.nl
>
>
>
>
Received on Tue May 26 2009 - 04:05:46 MDT

This archive was generated by hypermail 2.2.0 : Tue May 26 2009 - 12:00:01 MDT