Re: [squid-users] Reverse proxy and redirect program

Thu, 27 Feb 2003 08:00:14 -0800 

Seems your redirector did not rewrite the URL.

Quick chec... nope. If given http://squid.xyz.com/james/ your redirector
gives the exact same URL back..

[to tired to look into your perl program to tell why, but at least you
know where to look]

Regards
Henrik


tor 2003-02-27 klockan 16.59 skrev Jack:
> Hello Henrik,
> 
> My access.log shows
> 
> 1046356085.237      2 172.16.1.111 TCP_MISS/403 1022 GET
> http://squid.xyz.com/james/ - NONE/- -
> 1046356085.239      9 172.16.1.135 TCP_MISS/403 1051 GET
> http://squid.xyz.com/james/ - DIRECT/172.16.1.111 text/html
> 
> Here 172.16.1.111 is reverse proxy ip address(squid.xyz.com resolves to this
> ip address) and 172.16.1.135 is clients ip address.
> 
> My access.log
> 2003/02/27 19:58:05| WARNING: Forwarding loop detected for:
> GET /james/ HTTP/1.0^M
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/msword,
>  application/vnd.ms-excel, */*^M
> Accept-Language: en-us^M
> Accept-Encoding: gzip, deflate^M
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)^M
> Via: 1.1 squid:80 (Squid/2.4.STABLE7)^M
> X-Forwarded-For: 172.16.1.135^M
> Host: squid.xyz.com^M
> Cache-Control: max-age=259200^M
> Connection: keep-alive^M
> 
> My exact requirement is i want to run running reverse proxy for domino web
> server.
> 
> Regards,
> Jack
> 
> 
> 
> 
> 
> > tor 2003-02-27 klockan 11.27 skrev Jack:
> >
> > > if squid receives squid.xyz.com/jack/ then it should redirect to
> 172.16.1.10
> > > web server and for squid.xyz.com/james it should redirect to 172.16.1.11
> > >
> > > So redir.pl looks like
> > >
> > > #!/usr/bin/perl -p
> > > BEGIN { $|=1;}
> > > s%http://squid.xyz.com/jack/\b%http://172.16.1.10/test/% && next;
> > > s%http://squid.xyz.com/james/\b%http://172.16.1.11% && next;
> > >
> > > When i try this setup i get access denied page from squid
> >
> > What do you get in access.log?
> >
> > Anything in cache.log?
> >
> > > even though i set
> > > http_access allow all
> >
> > don't. doing so will create an open proxy for which is is only a matter
> > of minutes before it gets abused by various hackers..
> >
> >
> > Accelerators SHOULD ALWAYS set up access control limit which
> > destinations is allowed to be reached.
> >
> > --
> > Henrik Nordstrom <[EMAIL PROTECTED]>
> > MARA Systems AB, Sweden
> 
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
-- 
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden

Reply via email to