thanks for the quick reply. Actually those lines are no commented out. and ACL name is corrected.
The browser is on the proxy machine(10.0.0.1) who host file points testsquid.com to 10.0.0.1 itself. Squid which is in reverse mode listen to port 80 in 10.0.0.1 is grabbing each request. but returning TCP_DENIED/403 for testsquid.com. Instead of returning the webserver static index file As you told i have one browser machine win7 machine. in which i edited host file and set testsquid.com to 10.0.0.1(proxy machine ip) But behaviour remains same. below is my actual squid config acl PURGE method purge acl SSL_ports port 443 445 448 563 1024-65535 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl local_addresses dst "/usr/local/squid/etc/local_addresses.conf" acl allowsquid dstdomain testsquid.com httpd_suppress_version_string on cache allow all cache_effective_user nobody cache_effective_group nobody cache_log /usr/local/squid/var/logs/cache.1.100.log cache_store_log none half_closed_clients off hierarchy_stoplist $ cgi ? & ; .asp .shtml localhost http_access allow manager localhost http_access allow allowsquid http_access allow manager cachemgr http_access deny manager http_access deny CONNECT !SSL_ports http_access deny CONNECT local_addresses http_access allow purge localhost http_access allow purge cachemgr http_access deny purge http_access allow all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all log_icp_queries off maximum_object_size 0 KB maximum_object_size_in_memory 0 KB request_header_max_size 64 KB reply_header_max_size 64 KB strip_query_terms off uri_whitespace encode visible_hostname squidproxy icp_access allow all http_port 10.0.0.1:80 accel defaultsite=testsquid.com cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest cache_peer_access squidtest allow allowsquid cache_peer_access squidtest deny all acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 Is there anything faulty in my config? Regards, Joseph On Wed, Aug 12, 2015 at 6:22 PM, Antony Stone < [email protected]> wrote: > On Wednesday 12 August 2015 at 14:38:55, joseph jose wrote: > > > Hi, > > > > I have set up squid in reverse proxy mode to cache an apache webserver > > hosted in linux vm. > > > > IP of my squid reverse proxy is 10.0.0.1 and 10.0.0.2 is the ip of > > webserver which is also a linux vm > > Your squid server has only one interface and IP address? > > > my config is as follows > > > > #acl squidallow dstdomain testsquid.com > > # > > # > > #http_port 10.0.0.1:80 accel defaultsite=testsquid.com > > # > > # > > #cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest > > #cache_peer_access squidtest allow allowsquid > > I sincerely hope you don't mean that these directives are all commented > out, > thus not having any effect? > > Even if they're not commented out, do you see the discrepancy between > "squidallow" in the first line and "allowsquid" in the last? > > > In the squid proxy machine i have edited the host file and set > > testsquid.com 10.0.0.1 (which is the ip of proxy machine itself), as > proxy > > is configured in reverse mode, it is supposed to serve the static page > > from webserver (10.0.0.2). > > What's more important than /etc/hosts on the squid server is what machine > you > are running the browser on, and what does *that* machine resolve > testsquid.com > to? > > > But when i open browser and search for testsquid.com, squid is logging > > request but returning a TCP_DENIED/403 status. > > Sounds like the browser is successfully seeing testsquid.com as 10.0.0.1, > then, however you should be careful about trying to run tests like this on > too > few machines - you should have the browser on one machine, squid on a > second, > and the web server on a third (no matter whether any of these are real > machines or VMs). > > > Regards, > > > Antony. > > -- > Users don't know what they want until they see what they get. > > Please reply to the > list; > please *don't* CC > me. > _______________________________________________ > squid-users mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
