RE: [squid-users] Apache 301 redirects working with squid
Date: Wed, 13 Jan 2010 11:48:53 +1300 From: squ...@treenet.co.nz To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Chris Robertson wrote: Drew Wrobel wrote: Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? I haven't tested this, but I think it should work... acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.company.com/ mainSite Chris That seems to work. Here is that I have defined: acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.pepboys.com/ mainSite http_access deny all Wasn't sure if the last deny was needed but put it in as a catch all just in case. Should the deny_info line end with mainSite or !mainSite? Your deny_info line is correct. Chris Drew: you can start the redirect URL with 301: or 302: to set the redirect code if needed. ie: deny_info 301:http://www.company.com/ mainSite Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15 I tried the above deny_info 301 but it doesn't work. The following is what I get in the access.log. test.company.com 172.21.84.170 - - [13/Jan/2010:02:51:18 -0500] GET http://172.21.219.60/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/301:http://www.company.com/ HTTP/1.1 302 325 - Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 TCP_DENIED:NONE I checked the squid 2.7 documentation, and it doesn't make any reference to doing what you suggested. Only that it would do a 302 redirect. It's not the end of the world if I can't get the redirect to come back as a 301. _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. http://clk.atdmt.com/GBL/go/196390706/direct/01/
RE: [squid-users] Apache 301 redirects working with squid
Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? I haven't tested this, but I think it should work... acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.company.com/ mainSite Chris That seems to work. Here is that I have defined: acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.pepboys.com/ mainSite http_access deny all Wasn't sure if the last deny was needed but put it in as a catch all just in case. Should the deny_info line end with mainSite or !mainSite? _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. http://clk.atdmt.com/GBL/go/196390709/direct/01/
Re: [squid-users] Apache 301 redirects working with squid
Drew Wrobel wrote: Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? I haven't tested this, but I think it should work... acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.company.com/ mainSite Chris That seems to work. Here is that I have defined: acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.pepboys.com/ mainSite http_access deny all Wasn't sure if the last deny was needed but put it in as a catch all just in case. Should the deny_info line end with mainSite or !mainSite? Your deny_info line is correct. Chris
Re: [squid-users] Apache 301 redirects working with squid
Chris Robertson wrote: Drew Wrobel wrote: Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? I haven't tested this, but I think it should work... acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.company.com/ mainSite Chris That seems to work. Here is that I have defined: acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.pepboys.com/ mainSite http_access deny all Wasn't sure if the last deny was needed but put it in as a catch all just in case. Should the deny_info line end with mainSite or !mainSite? Your deny_info line is correct. Chris Drew: you can start the redirect URL with 301: or 302: to set the redirect code if needed. ie: deny_info 301:http://www.pepboys.com/ mainSite Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15
RE: [squid-users] Apache 301 redirects working with squid
I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. http://clk.atdmt.com/GBL/go/196390709/direct/01/
Re: [squid-users] Apache 301 redirects working with squid
Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. Here are the rules I currently have defined: http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all I have about 70+ addtional domains that I need to redirect them all to the default of www.company.com The domains are anything from 1800company.com, 1-800-comany.com, various .net/.biz/.org/.info and other combinations. It there a simple/easy acl that I can use as a catch all, if you will, for anything that isn't www.company.com to have it redirected to www.company.com? I haven't tested this, but I think it should work... acl mainSite dstdomain www.company.com http_access allow mainSite http_access deny !mainSite deny_info http://www.company.com/ mainSite Chris
RE: [squid-users] Apache 301 redirects working with squid
Amos,
I'm sorry that I didn't report the version of Squid that I am running.
Currently I am running 2.6 STABLE 22. I will be upgrading to the latest 2.7
or 3.0 in the near future.
Here is what I have in my squid.conf with the changes that you suggested:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/cache/squid
http_port 80 accel vport
cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin
login=PASS
acl mainSite dstdomain www-dev1.company.com
http_access allow mainSite
cache_peer_access 172.21.174.78 allow mainSite
cache_peer_access 172.21.174.78 deny all
acl otherSites dstdomain .company.com
deny_info http://www-dev1.company.com/ otherSites
http_access deny otherSites
http_access deny all
icp_access deny all
forwarded_for off
follow_x_forwarded_for allow all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
logformat combined %{Host}h %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st
%{Referer}h %{User-Agent}h %Ss:%Sh
access_log /var/log/squid/access.log combined
collapsed_forwarding on
vary_ignore_expire on
cache_effective_user squid
cache_store_log none
client_db off
cache_mem 512 MB
cache_dir ufs /var/cache/squid 3000 10 10
I see the following in my squid access logs:
www-dev4.pepboys.com 172.21.84.170 - - [05/Jan/2010:12:02:56 -0500] GET
http://172.21.219.60/ HTTP/1.1 302 385 - Mozilla/5.0 (Macintosh; U; PPC Mac
OS X 10.4; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 TCP_DENIED:NONE
Does it matter that the changes are being reported as a 302 instead of a 301?
I don't know if it does or not.
Thanks,
Drew
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141664/direct/01/
Re: [squid-users] Apache 301 redirects working with squid
Drew Wrobel wrote:
Amos,
I'm sorry that I didn't report the version of Squid that I am running.
Currently I am running 2.6 STABLE 22. I will be upgrading to the latest 2.7
or 3.0 in the near future.
Here is what I have in my squid.conf with the changes that you suggested:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/cache/squid
http_port 80 accel vport
cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin
login=PASS
acl mainSite dstdomain www-dev1.company.com
http_access allow mainSite
cache_peer_access 172.21.174.78 allow mainSite
cache_peer_access 172.21.174.78 deny all
acl otherSites dstdomain .company.com
deny_info http://www-dev1.company.com/ otherSites
http_access deny otherSites
http_access deny all
icp_access deny all
forwarded_for off
follow_x_forwarded_for allow all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
logformat combined %{Host}h %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st %{Referer}h
%{User-Agent}h %Ss:%Sh
access_log /var/log/squid/access.log combined
collapsed_forwarding on
vary_ignore_expire on
cache_effective_user squid
cache_store_log none
client_db off
cache_mem 512 MB
cache_dir ufs /var/cache/squid 3000 10 10
I see the following in my squid access logs:
www-dev4.pepboys.com 172.21.84.170 - - [05/Jan/2010:12:02:56 -0500] GET http://172.21.219.60/
HTTP/1.1 302 385 - Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.1.6)
Gecko/20091201 Firefox/3.5.6 TCP_DENIED:NONE
Does it matter that the changes are being reported as a 302 instead of a 301?
302 indicates a temporary move, 301 a permanent move. I don't think
it's possible to redirect using a 301 with deny_access.
I don't know if it does or not.
Besides a little wasted bandwidth (with a 301 the client is more likely
to remember and perform the redirection locally instead of hitting
your deny_info rule), probably not.
Thanks,
Drew
Chris
Re: [squid-users] Apache 301 redirects working with squid
Drew Wrobel wrote: I tried looking at the squid documentation and the board but I didn't find anything. As part of my Apache server configured, I have a mod_rewrite rule setup to do a 301 redirect for any URL that doesn't start with www.company.com. This was at the request of some end-users and because there are about 30 or do domains that we have that all server up the same content. The 301 redirect works fine with apache. I go to www-test.company.com and I get redirected to www.company.com as I expected. Now I need to get the 301 redirect to work with our squid caching servers. If I go to www-test.pepboys.com, I do not get redirected like I would going directly through Apache. Not sure what I need to change in the configuration to get the 301 redirects to work. Here the configuration from our non-production squid server (the only difference between production and non-production is the number of cache_peer entries): You failed to specify what Squid version. I will assume you have one of the current production releases numbered 2.6+ which are capable of doing what you want. acl all src 0.0.0.0/0.0.0.0 acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl SSL_ports port 443 acl CONNECT method CONNECT hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache coredump_dir /var/cache/squid http_port 80 accel vport cache_peer 172.21.174.78 parent 80 0 no-query originserver round-robin login=PASS Add these here: acl mainSite dstdomain www.company.com http_access allow mainSite cache_peer_access 172.21.174.78 allow mainSite cache_peer_access 172.21.174.78 deny all acl otherSites dstdomain .company.com deny_info http://www.company.com/ otherSites http_access deny otherSites http_access deny all Drop all these: acl webserver dst 172.21.174.78 http_access allow webserver http_access allow all miss_access allow webserver miss_access allow all http_access deny all Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.15
