THOMAS ALLISON wrote:
>
> Has anyone been able to get a gateway PC running squid to do both
> forward proxy for the internal LAN browsers AND reverse proxy to an
> internal LAN webserver?
Sure.
httpd_accel_host your.internal.server
httpd_accel_with_proxy on
and then where it is indicated that you should add your own access
rules, the following immediately after the comment:
# Allow local lan to use the proxy
acl local_lan src 192.168.1.0/24
http_access allow local_lan
# Allow everyone to use the accelerator
acl accel_server dst your.internal.server
acl 80 port 80
http_access allow your.internal.server 80
However, there will still be problems for internal users to reach the
internal server if they try to go via the proxy. This is because Squid
won't notice that it is a request for the accelerated server and
therefore forwards it to itself. This can be solved in three different
ways:
a) Adding the internal domain to the no-proxy settings in the browser
b) Use of a redirector helper to rewrite proxied request for the
accelerated domain to the address of the internal server
c) Set up DNS or /etc/hosts for the Squid server to make the accelerated
domain resolve to the internal IP when Squid (or perhaps the internal
clients) looks for it, and not the Squid server.
-- Henrik Nordstrom Squid hacker -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Sat Dec 16 2000 - 09:21:28 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:59 MST