Hi
I'm running squid Version 2.7.STABLE9 on a FreeBSD.
I have only one external IP. I'm trying to set up squid so that it would be running on a single port in accel mode and in foward proxy mode.
The idea is to be able to access other services via the Connect method on the server, for instances ssh, in order to carry out maintenance work on the server as necessary while serving, on a backend server on the loopback. I use proxytunnel on a client machine to send Connect method and establish a tunnel through Squid to the local interface.
When I configure Squid in pure forward proxy, Squid connects to port 22 works seemlessly.
However, when I configure Squid to combine reverse and forward, my client gets the following answer upon connection with Squid: HTTP return code: 400 Bad Request
I've looked up as much as I could but could not figure out if it was possible to have Squid act simultaneously on the same port as a forward and reverse proxy.
I've done this in the past with an Apache server (ProxyRequest On together with a ProxyPass command) so I'm pretty sure Squid should let me do it. But I could not find any configuration exemple, whether on Squid's site or on the internet.
Many thanks for your help.
CL
Here is my config (server side):
- SSH: ssh is listening on the loopback on port 22.
- Apache: Apache is listening on the loopback on port 80.
- Squid:
---------------------------------------------------------
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.1/32
acl to_all dst all
acl SSL_ports port 80 22
acl Safe_ports port 80 # http
acl Safe_ports port 22 # ssh
acl CONNECT method CONNECT
---------------------------------------------------------
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost Safe_ports
http_access allow localhost
################################
acl our_sites dstdomain www.mysite.com
http_access allow our_sites
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=myAccel
cache_peer_access myAccel allow our_sites
################################
http_access deny all !to_localhost
---------------------------------------------------------
icp_access allow localnet
icp_access deny all
---------------------------------------------------------
http_port X.X.X.X:80 accel defaultsite=www.mysite.com
Received on Tue May 17 2011 - 23:26:11 MDT
This archive was generated by hypermail 2.2.0 : Wed May 18 2011 - 12:00:19 MDT