[squid-users] Squid 3.0 as reverse proxy

2009-11-23 Thread Sébastien WENSKE 
Hi List,

I use a Squid Cache version 3.0.STABLE16 as reverse proxy on an 100Mb server 
(hosted by Iliad) to cache my web sites running on my home connection  (1024Kb 
Max).

This configuration Works pretty fine, but I have troubles to cache some images 
(jpg|png) with a particular url:

For example, I have a photos gallery where the link to download the original 
picture (biggest size) has a ? at the end:

http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html?

In the access log I can see that this object is not cached:

23/Nov/2009:15:17:43 +0100.960  12372 84.207.23.135 TCP_MISS/200 1313021 GET 
http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html? - 
DEFAULT_PARENT/sl01 image/jpeg

(store.log, may be helpful: 1258985863.960 RELEASE -1  
B8B54D74210C1D0090AA8E1390D77D9C  200 1258985851 1258985851 375007920 
image/jpeg -1/1312295 GET 
http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html?)

I suppose that's due to this directive in the squid.conf:

hierarchy_stoplist cgi-bin ?

Is it possible to enable caching for this kind of url? Maybe with a regex?


Thanks for your help,

Sébastien WENSKE


- the complete squid.conf 
-

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl all src
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all

icp_access allow localnet
icp_access deny all

htcp_access allow localnet
htcp_access deny all
http_port 88.191.97.6:80 accel vhost

acl dest_site dstdomain blog.canardwc.com gallery.wenske.fr verdin.canardwc.com
acl dest_addr dst 10.0.1.5
acl dest_port port 80

cache_peer 10.0.1.5 parent 80 0 name=sl01 no-query originserver default
cache_peer_access sl01 allow dest_site

http_access allow dest_addr dest_port

hierarchy_stoplist cgi-bin ?

cache_mem 1024 MB
maximum_object_size_in_memory 2048 KB
memory_replacement_policy lru

cache_replacement_policy lru
cache_dir ufs /var/cache/squid 2048 16 256
minimum_object_size 0 KB
maximum_object_size 64096 KB

logformat squid %tl.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt
access_log /var/log/squid/reverse-proxy_access.log squid
cache_log /var/log/squid/reverse-proxy_cache.log
cache_store_log /var/log/squid/reverse-proxy_store.log
pid_filename /var/run/reverse-proxy.pid

refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern (cgi-bin|\?)0   0%  0
refresh_pattern .   0   20% 4320

visible_hostname sl03.wenske.local
cache_mgr x
#icp_port 3130
coredump_dir /var/cache

[squid-users] squid 3.0 as reverse proxy and apache log at back-end

2009-11-23 Thread Sébastien WENSKE 
Hi again,

In my previous mail I explained that I'm using a squid reverse proxy with high 
bandwidth to cache my apache at home. There are connected by VPN, and I would 
know if it is possible to get original IP in my apache logs.

Currently I see only the squid local IP:

sl03.wenske.local - - [23/Nov/2009:17:39:23 +0100] GET / HTTP/1.0 200 6761

I've tried some configurqtion with forwarded-for and follow_x_forwarded_for 
with no success.

Thanks,

Sébastien WENSKE

Re: [squid-users] squid 3.0 as reverse proxy and apache log at back-end

2009-11-23 Thread Henrik Nordstrom 
mån 2009-11-23 klockan 17:41 +0100 skrev Sébastien WENSKE:

 In my previous mail I explained that I'm using a squid reverse proxy
 with high bandwidth to cache my apache at home. There are connected by
 VPN, and I would know if it is possible to get original IP in my
 apache logs.

Yes. You need to configure Apache to log the X-Forwarded-For header sent
by Squid.

Regards
Henrik

RE: [squid-users] squid 3.0 as reverse proxy and apache log at back-end

2009-11-23 Thread Sébastien WENSKE 
Many thanks Henrik!

I have add these two directive in apache2.conf:

LogFormat %{X-Forwarded-For}i %l %u %t \%r\ %s %b \%{Referer}i\ 
\%{User-Agent}i\ reverse_proxy
and
SetEnvIf X-Forwarded-For ^.*\..*\..*\..* is-forwarder

And in my vhost:

CustomLog /var/log/apache2/blog.log reverse_proxy env=is-forwarder
CustomLog /var/log/apache2/blog.log combined env=!is-forwarder

This works pretty fine.

Best regards,

Sébastien WENSKE



-Message d'origine-
De : Henrik Nordstrom [mailto:hen...@henriknordstrom.net] 
Envoyé : mardi 24 novembre 2009 00:25
À : Sébastien WENSKE
Cc : squid-users@squid-cache.org
Objet : Re: [squid-users] squid 3.0 as reverse proxy and apache log at back-end

mån 2009-11-23 klockan 17:41 +0100 skrev Sébastien WENSKE:

 In my previous mail I explained that I'm using a squid reverse proxy
 with high bandwidth to cache my apache at home. There are connected by
 VPN, and I would know if it is possible to get original IP in my
 apache logs.

Yes. You need to configure Apache to log the X-Forwarded-For header sent
by Squid.

Regards
Henrik

RE: [squid-users] squid 3.0 as reverse proxy and apache log at back-end

2009-11-23 Thread Amos Jeffries 
On Tue, 24 Nov 2009 01:27:30 +0100, Sébastien WENSKE sebast...@wenske.fr
wrote:
 Many thanks Henrik!
 
 I have add these two directive in apache2.conf:
 
   LogFormat %{X-Forwarded-For}i %l %u %t \%r\ %s %b \%{Referer}i\
   \%{User-Agent}i\ reverse_proxy
 and
   SetEnvIf X-Forwarded-For ^.*\..*\..*\..* is-forwarder
 
 And in my vhost:
 
 CustomLog /var/log/apache2/blog.log reverse_proxy
env=is-forwarder
 CustomLog /var/log/apache2/blog.log combined env=!is-forwarder
 
 This works pretty fine.

Careful though with XFF. I'd put quotes around it too.
 As ISPs move into layering NAT and proxy gateways, or if you extend your
own CDN vertically, you can expect it to contain more than one IP with
maybe some whitespace between them.

Amos

Re: [squid-users] squid 3.0 as reverse proxy

2006-06-19 Thread Henrik Nordstrom 
sön 2006-06-18 klockan 20:19 -0700 skrev Chenxi Wang:

 I am using Squid 3.0 as a reverse proxy and was able to connect to the
 originserver if I specify make always_direct on. But if I turn the
 always_direct to be off, I have not been able to get squid to
 forward http requests to the origin server that I specified. I looked
 through the FAQ and mail archive, there is one case similar to mine but
 no one provided an answer.

See the release notes and the cache_peer directive.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

[squid-users] squid 3.0 as reverse proxy

2006-06-18 Thread Chenxi Wang 

Hi,

I am using Squid 3.0 as a reverse proxy and was able to connect to the
originserver if I specify make always_direct on. But if I turn the
always_direct to be off, I have not been able to get squid to
forward http requests to the origin server that I specified. I looked
through the FAQ and mail archive, there is one case similar to mine but
no one provided an answer.

The error message I got makes me think that there is something in the
configuration file that is blocking the forwading request. This is what
I got:

---
While trying to retrieve the URL: the server url here...

The following error was encountered:

*   Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any
parent caches. The most likely cause for this error is that:

*   The cache administrator does not allow this cache to make direct
connections to origin servers, and
*   All configured parent caches are currently unreachable

-

I've put the origin server name in the http_port directive
 http_port 80 accel defaultsite=3Dmyorigin.com

and I've changed the cache peer directive
 cache_peer myorigin.com parent 80 3130 originserver
 cache_peer_access myorigin.com allow all

all is definied as (all client sources)

I have no idea why it is not working, I'd appreciate any clue that you =
can send me.

Thanks,

Chenxi

Re: [squid-users] Squid-3.0.pre..reverse proxy..passing ldap username to back end w eb servers

2004-07-19 Thread Henrik Nordstrom 
On Wed, 23 Jun 2004, Chris Perreault wrote:

 
 I wondering if squid has a built in feature that passes the username down to
 back end webservers.

See the login= cache_peer option.

Regards
Henrik

[squid-users] Squid-3.0.pre..reverse proxy..passing ldap username to back end w eb servers

2004-06-23 Thread Chris Perreault 

I wondering if squid has a built in feature that passes the username down to
back end webservers. Reference material seems to state there is an
authentication header, but I don't see this information displayed when I run
a script that shows the header information on the webserver. I'm displaying
this information using an asp script that shows all the server variables.
We'd like to get the ldap authenticated username so we can match it to a
profile database on the back-end network.

Thanks in advance,
Chris

Html table output on headers.asp:

Server Variable Name Server Variable Value 
 ALL_HTTP  HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/x-shockwave-flash, */* HTTP_ACCEPT_LANGUAGE:en-us
HTTP_CONNECTION:keep-alive HTTP_HOST:10.8.88.3 HTTP_USER_AGENT:Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0)
HTTP_COOKIE:ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE HTTP_VIA:1.1
linux.local (squid/3.0-PRE3-20040608) HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_X_FORWARDED_FOR:10.8.88.17 HTTP_CACHE_CONTROL:max-age=259200  
 ALL_RAW  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/x-shockwave-flash, */* Accept-Language: en-us Connection:
keep-alive Host: 10.87.88.3 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.0) Cookie: ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE Via:
1.1 linux.local (squid/3.0-PRE3-20040608) Accept-Encoding: gzip, deflate
X-Forwarded-For: 10.8.88.17 Cache-Control: max-age=259200  
 APPL_MD_PATH  /LM/W3SVC/1/ROOT  
 APPL_PHYSICAL_PATH  e:\inetpub\wwwroot\  
 AUTH_PASSWORD
 AUTH_TYPE
 AUTH_USER
 CERT_COOKIE
 CERT_FLAGS
 CERT_ISSUER
 CERT_KEYSIZE
 CERT_SECRETKEYSIZE
 CERT_SERIALNUMBER
 CERT_SERVER_ISSUER
 CERT_SERVER_SUBJECT
 CERT_SUBJECT
 CONTENT_LENGTH  0  
 CONTENT_TYPE
 GATEWAY_INTERFACE  CGI/1.1  
 HTTPS  off  
 HTTPS_KEYSIZE
 HTTPS_SECRETKEYSIZE
 HTTPS_SERVER_ISSUER
 HTTPS_SERVER_SUBJECT
 INSTANCE_ID  1  
 INSTANCE_META_PATH  /LM/W3SVC/1  
 LOCAL_ADDR  10.8.93.222  
 LOGON_USER
 PATH_INFO  /intranet/headers.asp  
 PATH_TRANSLATED  e:\inetpub\wwwroot\intranet\headers.asp  
 QUERY_STRING
 REMOTE_ADDR  10.8.88.3  
 REMOTE_HOST  10.8.88.3  
 REMOTE_USER
 REQUEST_METHOD  GET  
 SCRIPT_NAME  /intranet/headers.asp  
 SERVER_NAME  10.87.88.3  
 SERVER_PORT  80  
 SERVER_PORT_SECURE  0  
 SERVER_PROTOCOL  HTTP/1.0  
 SERVER_SOFTWARE  Microsoft-IIS/5.0  
 URL  /intranet/headers.asp  
 HTTP_ACCEPT  image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/x-shockwave-flash, */*  
 HTTP_ACCEPT_LANGUAGE  en-us  
 HTTP_CONNECTION  keep-alive  
 HTTP_HOST  10.87.88.3  
 HTTP_USER_AGENT  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)  
 HTTP_COOKIE  ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE  
 HTTP_VIA  1.1 linux.local (squid/3.0-PRE3-20040608)  
 HTTP_ACCEPT_ENCODING  gzip, deflate  
 HTTP_X_FORWARDED_FOR  10.8.88.17  
 HTTP_CACHE_CONTROL  max-age=259200