[squid-users] Squid 3.0 as reverse proxy
Hi List, I use a Squid Cache version 3.0.STABLE16 as reverse proxy on an 100Mb server (hosted by Iliad) to cache my web sites running on my home connection (1024Kb Max). This configuration Works pretty fine, but I have troubles to cache some images (jpg|png) with a particular url: For example, I have a photos gallery where the link to download the original picture (biggest size) has a ? at the end: http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html? In the access log I can see that this object is not cached: 23/Nov/2009:15:17:43 +0100.960 12372 84.207.23.135 TCP_MISS/200 1313021 GET http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html? - DEFAULT_PARENT/sl01 image/jpeg (store.log, may be helpful: 1258985863.960 RELEASE -1 B8B54D74210C1D0090AA8E1390D77D9C 200 1258985851 1258985851 375007920 image/jpeg -1/1312295 GET http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html?) I suppose that's due to this directive in the squid.conf: hierarchy_stoplist cgi-bin ? Is it possible to enable caching for this kind of url? Maybe with a regex? Thanks for your help, Sébastien WENSKE - the complete squid.conf - acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl all src acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow all icp_access allow localnet icp_access deny all htcp_access allow localnet htcp_access deny all http_port 88.191.97.6:80 accel vhost acl dest_site dstdomain blog.canardwc.com gallery.wenske.fr verdin.canardwc.com acl dest_addr dst 10.0.1.5 acl dest_port port 80 cache_peer 10.0.1.5 parent 80 0 name=sl01 no-query originserver default cache_peer_access sl01 allow dest_site http_access allow dest_addr dest_port hierarchy_stoplist cgi-bin ? cache_mem 1024 MB maximum_object_size_in_memory 2048 KB memory_replacement_policy lru cache_replacement_policy lru cache_dir ufs /var/cache/squid 2048 16 256 minimum_object_size 0 KB maximum_object_size 64096 KB logformat squid %tl.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt access_log /var/log/squid/reverse-proxy_access.log squid cache_log /var/log/squid/reverse-proxy_cache.log cache_store_log /var/log/squid/reverse-proxy_store.log pid_filename /var/run/reverse-proxy.pid refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern (cgi-bin|\?)0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname sl03.wenske.local cache_mgr x #icp_port 3130 coredump_dir /var/cache
[squid-users] squid 3.0 as reverse proxy and apache log at back-end
Hi again, In my previous mail I explained that I'm using a squid reverse proxy with high bandwidth to cache my apache at home. There are connected by VPN, and I would know if it is possible to get original IP in my apache logs. Currently I see only the squid local IP: sl03.wenske.local - - [23/Nov/2009:17:39:23 +0100] GET / HTTP/1.0 200 6761 I've tried some configurqtion with forwarded-for and follow_x_forwarded_for with no success. Thanks, Sébastien WENSKE
Re: [squid-users] squid 3.0 as reverse proxy and apache log at back-end
mån 2009-11-23 klockan 17:41 +0100 skrev Sébastien WENSKE: In my previous mail I explained that I'm using a squid reverse proxy with high bandwidth to cache my apache at home. There are connected by VPN, and I would know if it is possible to get original IP in my apache logs. Yes. You need to configure Apache to log the X-Forwarded-For header sent by Squid. Regards Henrik
RE: [squid-users] squid 3.0 as reverse proxy and apache log at back-end
Many thanks Henrik! I have add these two directive in apache2.conf: LogFormat %{X-Forwarded-For}i %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ reverse_proxy and SetEnvIf X-Forwarded-For ^.*\..*\..*\..* is-forwarder And in my vhost: CustomLog /var/log/apache2/blog.log reverse_proxy env=is-forwarder CustomLog /var/log/apache2/blog.log combined env=!is-forwarder This works pretty fine. Best regards, Sébastien WENSKE -Message d'origine- De : Henrik Nordstrom [mailto:hen...@henriknordstrom.net] Envoyé : mardi 24 novembre 2009 00:25 À : Sébastien WENSKE Cc : squid-users@squid-cache.org Objet : Re: [squid-users] squid 3.0 as reverse proxy and apache log at back-end mån 2009-11-23 klockan 17:41 +0100 skrev Sébastien WENSKE: In my previous mail I explained that I'm using a squid reverse proxy with high bandwidth to cache my apache at home. There are connected by VPN, and I would know if it is possible to get original IP in my apache logs. Yes. You need to configure Apache to log the X-Forwarded-For header sent by Squid. Regards Henrik
RE: [squid-users] squid 3.0 as reverse proxy and apache log at back-end
On Tue, 24 Nov 2009 01:27:30 +0100, Sébastien WENSKE sebast...@wenske.fr wrote: Many thanks Henrik! I have add these two directive in apache2.conf: LogFormat %{X-Forwarded-For}i %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ reverse_proxy and SetEnvIf X-Forwarded-For ^.*\..*\..*\..* is-forwarder And in my vhost: CustomLog /var/log/apache2/blog.log reverse_proxy env=is-forwarder CustomLog /var/log/apache2/blog.log combined env=!is-forwarder This works pretty fine. Careful though with XFF. I'd put quotes around it too. As ISPs move into layering NAT and proxy gateways, or if you extend your own CDN vertically, you can expect it to contain more than one IP with maybe some whitespace between them. Amos
Re: [squid-users] squid 3.0 as reverse proxy
sön 2006-06-18 klockan 20:19 -0700 skrev Chenxi Wang: I am using Squid 3.0 as a reverse proxy and was able to connect to the originserver if I specify make always_direct on. But if I turn the always_direct to be off, I have not been able to get squid to forward http requests to the origin server that I specified. I looked through the FAQ and mail archive, there is one case similar to mine but no one provided an answer. See the release notes and the cache_peer directive. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] squid 3.0 as reverse proxy
Hi, I am using Squid 3.0 as a reverse proxy and was able to connect to the originserver if I specify make always_direct on. But if I turn the always_direct to be off, I have not been able to get squid to forward http requests to the origin server that I specified. I looked through the FAQ and mail archive, there is one case similar to mine but no one provided an answer. The error message I got makes me think that there is something in the configuration file that is blocking the forwading request. This is what I got: --- While trying to retrieve the URL: the server url here... The following error was encountered: * Unable to forward this request at this time. This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: * The cache administrator does not allow this cache to make direct connections to origin servers, and * All configured parent caches are currently unreachable - I've put the origin server name in the http_port directive http_port 80 accel defaultsite=3Dmyorigin.com and I've changed the cache peer directive cache_peer myorigin.com parent 80 3130 originserver cache_peer_access myorigin.com allow all all is definied as (all client sources) I have no idea why it is not working, I'd appreciate any clue that you = can send me. Thanks, Chenxi
Re: [squid-users] Squid-3.0.pre..reverse proxy..passing ldap username to back end w eb servers
On Wed, 23 Jun 2004, Chris Perreault wrote: I wondering if squid has a built in feature that passes the username down to back end webservers. See the login= cache_peer option. Regards Henrik
[squid-users] Squid-3.0.pre..reverse proxy..passing ldap username to back end w eb servers
I wondering if squid has a built in feature that passes the username down to back end webservers. Reference material seems to state there is an authentication header, but I don't see this information displayed when I run a script that shows the header information on the webserver. I'm displaying this information using an asp script that shows all the server variables. We'd like to get the ldap authenticated username so we can match it to a profile database on the back-end network. Thanks in advance, Chris Html table output on headers.asp: Server Variable Name Server Variable Value ALL_HTTP HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* HTTP_ACCEPT_LANGUAGE:en-us HTTP_CONNECTION:keep-alive HTTP_HOST:10.8.88.3 HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) HTTP_COOKIE:ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE HTTP_VIA:1.1 linux.local (squid/3.0-PRE3-20040608) HTTP_ACCEPT_ENCODING:gzip, deflate HTTP_X_FORWARDED_FOR:10.8.88.17 HTTP_CACHE_CONTROL:max-age=259200 ALL_RAW Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Accept-Language: en-us Connection: keep-alive Host: 10.87.88.3 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Cookie: ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE Via: 1.1 linux.local (squid/3.0-PRE3-20040608) Accept-Encoding: gzip, deflate X-Forwarded-For: 10.8.88.17 Cache-Control: max-age=259200 APPL_MD_PATH /LM/W3SVC/1/ROOT APPL_PHYSICAL_PATH e:\inetpub\wwwroot\ AUTH_PASSWORD AUTH_TYPE AUTH_USER CERT_COOKIE CERT_FLAGS CERT_ISSUER CERT_KEYSIZE CERT_SECRETKEYSIZE CERT_SERIALNUMBER CERT_SERVER_ISSUER CERT_SERVER_SUBJECT CERT_SUBJECT CONTENT_LENGTH 0 CONTENT_TYPE GATEWAY_INTERFACE CGI/1.1 HTTPS off HTTPS_KEYSIZE HTTPS_SECRETKEYSIZE HTTPS_SERVER_ISSUER HTTPS_SERVER_SUBJECT INSTANCE_ID 1 INSTANCE_META_PATH /LM/W3SVC/1 LOCAL_ADDR 10.8.93.222 LOGON_USER PATH_INFO /intranet/headers.asp PATH_TRANSLATED e:\inetpub\wwwroot\intranet\headers.asp QUERY_STRING REMOTE_ADDR 10.8.88.3 REMOTE_HOST 10.8.88.3 REMOTE_USER REQUEST_METHOD GET SCRIPT_NAME /intranet/headers.asp SERVER_NAME 10.87.88.3 SERVER_PORT 80 SERVER_PORT_SECURE 0 SERVER_PROTOCOL HTTP/1.0 SERVER_SOFTWARE Microsoft-IIS/5.0 URL /intranet/headers.asp HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* HTTP_ACCEPT_LANGUAGE en-us HTTP_CONNECTION keep-alive HTTP_HOST 10.87.88.3 HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) HTTP_COOKIE ASPSESSIONIDAACBDSRQ=PJJAGNGDBLFCLNGPIBFHCAOE HTTP_VIA 1.1 linux.local (squid/3.0-PRE3-20040608) HTTP_ACCEPT_ENCODING gzip, deflate HTTP_X_FORWARDED_FOR 10.8.88.17 HTTP_CACHE_CONTROL max-age=259200