I have an issue where I need to allow an external user to view a website
via the public IP and not a hostname since this is a development website
and there is no external DNS record out there for it.
The IP of my squid box is 172.16.0.10 and I have a separate network
connection set up on the squid box for each individual IP of the websites.
Each of these 172.16.0.x addresses is tied to a public IP.
This setup is in a DMZ so the 172.16.0.x address is forwarded to the
firewall and redirected to the internal IP of the appropriate webserver.
Again, I inherited this setup so I am not a Squid expert. I just need to
know how to edit this config for Client 2 so that an external user can use
a public IP instead of having to make a host file entry on their PC to
point store.client2.com to the public IP of the website for this to work for
them.
# Run Squid in virtual host mode
http_port 80 vhost
# Client1 reverse proxy config
https_port 172.16.0.107:443 protocol=https vhost cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key
cache_peer 192.168.0.7 parent 80 0 no-query originserver name=store.client1.com
acl client1 dstdomain store.client1.com
http_access allow client1
cache_peer_access store.client1.com allow client1
# Client2 reverse proxy config
https_port 172.16.0.111:443 protocol=https cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key vhost
cache_peer 192.168.0.11 parent 80 0 no-query originserver name=store.client2.com
acl client2 dstdomain store.client2.com
http_access allow client2
cache_peer_access store.client2.com allow client2
# Client3 reverse proxy config
https_port 172.16.0.105:443 protocol=https cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key vhost
cache_peer 192.168.0.05 parent 80 0 no-query originserver name=store.client3.com
acl client3 dstdomain store.client3.com
http_access allow client3
cache_peer_access store.client3.com allow client3
# Client4 reverse proxy config
https_port 172.16.0.106:443 protocol=https cert=/usr/local/squid/etc/mycert.pem key=/usr/local/squid/etc/mycert.key vhost
cache_peer 192.168.0.06 parent 80 0 no-query originserver name=store.client4.com
acl client4 dstdomain store.client4.com
http_access allow client4
cache_peer_access store.client4.com allow client4
# OPAccess reverse proxy config
https_port 172.16.0.120:443 protocol=https cert=/usr/local/squid/etc/opcert.pem key=/usr/local/squid/etc/opcert.key vhost
cache_peer 192.168.0.20 parent 443 0 no-query originserver ssl name=opaccess.homecompany.com
acl opaccess dstdomain opaccess.homecompany.com
http_access allow opaccess
cache_peer_access opaccess.homecompany.com allow opaccess
# --- Begin default config options --- #
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# And finally deny all other access to this proxy
http_access deny all
# and finally allow by default
http_reply_access allow all
#Allow ICP queries from everyone
icp_access allow all
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache
Thanks,
Jack
Received on Wed Mar 21 2007 - 10:19:05 MDT
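
Added example, not part of the original post: a simplified Python model of how Squid's accelerator mode picks the URL host (`vhost` uses the Host header, otherwise `defaultsite=`) and then evaluates `dstdomain` ACLs in `http_access` order, which shows why a request made by IP falls through to `deny all`. The `VARIANT` stanza (drop `vhost`, add `defaultsite=store.client2.com`) is an assumption, and reverse-DNS handling of IP hosts is not modelled.

```python
# Simplified model of Squid accelerator-mode host selection and http_access.
# Constructed sample: the post's Client2 stanza with wrapped lines joined.
ORIGINAL = """
https_port 172.16.0.111:443 protocol=https cert=/usr/local/squid/etc/devstore.pem key=/usr/local/squid/etc/devstore.key vhost
acl client2 dstdomain store.client2.com
http_access allow client2
http_access deny all
"""
# Hypothetical variant: drop vhost, pin the site name with defaultsite=.
VARIANT = ORIGINAL.replace(" vhost", " defaultsite=store.client2.com")

def parse(conf):
    """Return (https_port options, dstdomain ACLs, ordered http_access rules)."""
    opts, acls, rules = [], {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "https_port":
            opts = tok[2:]
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return opts, acls, rules

def url_host(opts, host_header):
    """Host used in the rebuilt URL: Host header under vhost, else defaultsite."""
    if "vhost" in opts and host_header:
        return host_header.split(":")[0].lower()
    for opt in opts:
        if opt.startswith("defaultsite="):
            return opt.split("=", 1)[1].lower()
    return None

def dst_match(domains, host):
    """dstdomain rule: exact name, or suffix match when the entry starts with a dot."""
    return any(host == d or (d.startswith(".") and ("." + host).endswith(d))
               for d in domains)

def decide(conf, host_header):
    """First http_access rule whose ACLs all match wins; only dstdomain and 'all' are modelled."""
    opts, acls, rules = parse(conf)
    host = url_host(opts, host_header)
    for action, names in rules:
        if all(n == "all" or (host and n in acls and dst_match(acls[n], host))
               for n in names):
            return action
    return "deny"  # not reached when the rules end with "http_access deny all"
```

In the variant the `dstdomain` ACL and the final `http_access deny all` stay in place, so the listener still serves only store.client2.com. A browser that reaches the site by IP will report a certificate name mismatch unless the certificate also covers that address.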