Re: [squid-users] Squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 19 Jun 2008 16:06:59 +1200 (NZST)

>
> I have squid setup using a reverse proxy on port listening 21080
> squid redirects and gets info from my webserver to 21080 back to the user
> everything works except when i get a 302 redirect
>
> if i enter in the webbrowser http://MYIPADDRESS:21080/test/home.php it
> works
> fine
> http://MYIPADDRESS:21080/test/ it gets a 302 and redirects to an internal
> ip
> and internal port 80 which that server doesnt even use? thats wierd
>

302 Location headers may be hard-coded into some web apps which assume
they are reachable from the Web.

Your whole setup looks kind of delicate for a reverse-proxy. You would do
well to have squid listening on port 80 with a domain name (for
defaultsite= and dstdomain ACL), and peer access ACL restricting requests
to that domain and peer.
Presently you have an open proxy which depends on clients requesting the
web app by IP address and port explicitly via another unrelated IP
address.

>
> http_port 21080 defaultsite=10.108.50.37
> cache_peer 10.108.50.37 parent 21080 0 no-query originserver name=test
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /var/log/squid/access.log squid
> debug_options ALL,1
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access allow localhost
> http_access allow all
>
> http_reply_access allow all
> icp_access allow all
>
> coredump_dir /var/spool/squid
>
>
>
> 1213804667.207 3 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/css/master.css - FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.212 4 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/css/edits.css - FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.218 5 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/js/overlib.js - FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.218 510 69.****** TCP_MISS/200 13861 GET
> http://10.108.50.37/test/home.php - FIRST_UP_PARENT/10.108.50.37 text/html
> 1213804667.279 37 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/js/mass.js - FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.330 50 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/images/header_rightcorner.jpg -
> FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.336 5 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/images/massinsectionlogo.gif -
> FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.343 6 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/images/header_backgradientrepeat.jpg -
> FIRST_UP_PARENT/10.108.50.37 -
> 1213804667.391 2 69.****** TCP_REFRESH_HIT/304 271 GET
> http://10.108.50.37/test/images/header_leftbackground.jpg -
> FIRST_UP_PARENT/10.108.50.37 -
> 1213804673.593 884 69.****** TCP_MISS/302 311 GET
> http://10.108.50.37/test - FIRST_UP_PARENT/10.108.50.37 -
>
>
> I get the error on the last line here in the log?
>
>
> --
> View this message in context:
> http://www.nabble.com/Squid-tp17987495p17987495.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
>
Received on Thu Jun 19 2008 - 04:07:03 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 19 2008 - 12:00:05 MDT