Re: [squid-users] Forcing Header in Reverse Proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 16 Jan 2012 18:25:36 +1300

On 16/01/2012 5:36 p.m., Roman Gelfand wrote:
> I have set up configuration to forward requests to a backend server...
>
> acl dspam urlpath_regex ^/mesg
> https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport
> cache_peer host.mydomain.com parent 80 0 no-query originserver name=mail login=PASS
> cache_peer_access mail allow mail

You have omitted the definition for "mail". I will assume that it is
defined right.

> cache_peer_access mail deny all
> never_direct allow !localnet

never_direct is not relevant on reverse-proxy traffic.

> http_access allow !localnet

Um, permitting traffic from anywhere *except* LAN? Bit strange. Why not
do the usual reverse-proxy config of "http_access allow mail"? It makes
no difference to Squid where the traffic comes from so long as it is
valid for the peers to receive.

>
> The problem is host mail resolves to mesg.mydomain.com instead of
> mail.mydomain.com. How can I force the header to be
> mesg.mydomain.com?

It's not clear why you need to force anything. Surely the server at
"host.mydomain.com" has been correctly set up to host all of the FQDN
which are passed to it?

Note that what the FQDN resolves to should be the Squid IP address. This
resolution is done only by the client and is completely separate to the
*textual* FQDN label which remains unchanged when passing through Squid
to the server. The config demos show it using dstdomain to test the
*textual* FQDN label for acceptable values instead of resolving the IP
or other complex things by reason of domain FQDN being the most stable
and dependable property of the traffic.

Amos
Received on Mon Jan 16 2012 - 05:25:40 MST
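
The layout the reply describes, written out as an added example (not part of the original messages and not taken from the Squid documentation). The definition of "mail" is an assumption, since the post omits it; the listener and peer lines are the ones quoted in the thread.

```conf
# Constructed example. Hostnames and paths are those quoted in the thread.

# Reverse-proxy listener, as posted.
https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport

# ASSUMPTION: the omitted "mail" ACL, defined with dstdomain so that it
# tests the textual hostname the client asked for. DNS resolution of that
# name to the Squid IP happens on the client and plays no part here.
acl mail dstdomain mail.mydomain.com

# Backend origin server, as posted. The hostname label in the request is
# passed through to this peer unchanged.
cache_peer host.mydomain.com parent 80 0 no-query originserver name=mail login=PASS

# Only requests for the published hostname may be sent to the peer.
cache_peer_access mail allow mail
cache_peer_access mail deny all

# Admit traffic by what it asks for rather than by where it comes from,
# and refuse everything else. This replaces "http_access allow !localnet";
# never_direct is dropped because it is not relevant to reverse-proxy traffic.
http_access allow mail
http_access deny all
```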
