Discussion:
[squid-users] Trailing Slash / Using Reverse Proxy
(too old to reply)
Brad Taylor
2007-01-08 14:44:56 UTC
Permalink
I'm using Squid 2.6 in reverse proxy / accelerator mode and IIS 6.0 as
the back end web server. We are having a problem with trailing slashes
not working through Squid but working through IIS.

Request for https://www.exmaple.com will add the trailing slash going
through both Squid and IIS -> https://www.example.com/

But

Request for https://www.example.com/test will not work through Squid but
IIS will add the trailing slash https://www.example.com/test/

Going through Squid the browser receives "The page cannot be displayed"
with the address as http://10.10.1.108/test/ The IP address is the
internal IP address of the IIS web server and the request changed from
https to http.

What do I need to do so that the trailing slash is added to the end of a
URL when using a sub directory and going through Squid? Thanks for any
help.

Brad
Henrik Nordstrom
2007-01-08 15:38:42 UTC
Permalink
Post by Brad Taylor
Request for https://www.example.com/test will not work through Squid but
IIS will add the trailing slash https://www.example.com/test/
What happens here is that the web server says "Sorry, the URL you
requested is not valid. You should go to http://my.server.name/test/
instead.
Post by Brad Taylor
Going through Squid the browser receives "The page cannot be displayed"
with the address as http://10.10.1.108/test/ The IP address is the
internal IP address of the IIS web server and the request changed from
https to http.
Set up the reverse proxy not rewriting the Host name component and
things will work much better. This way the web server knows it's
external name and the URLs generated by the web server will be correct.

REgards
Henrik
Brad Taylor
2007-01-08 23:20:13 UTC
Permalink
Post by Henrik Nordstrom
Post by Brad Taylor
Request for https://www.example.com/test will not work through Squid but
IIS will add the trailing slash https://www.example.com/test/
What happens here is that the web server says "Sorry, the URL you
requested is not valid. You should go to http://my.server.name/test/
instead.
Post by Brad Taylor
Going through Squid the browser receives "The page cannot be
displayed"
Post by Henrik Nordstrom
Post by Brad Taylor
with the address as http://10.10.1.108/test/ The IP address is the
internal IP address of the IIS web server and the request changed from
https to http.
Set up the reverse proxy not rewriting the Host name component and
things will work much better. This way the web server knows it's
external name and the URLs generated by the web server will be correct.
How would I setup the reverse proxy to not rewrite the host name
componet? Here is my config file:

http_port 80
https_port 443 cert=/etc/squid/example.com-11-07.pem
key=/etc/squid/example.com_key-11-07.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl JS url_regex .js$
no_cache deny JS
acl CSS url_regex .css$
no_cache deny CSS
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.jpg$ 0 100% 10080
refresh_pattern -i \.gif$ 0 100% 10080
refresh_pattern -i \.png$ 0 100% 10080
refresh_pattern -i \.bmp$ 0 100% 10080
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT
acl port80 myport 80
acl port443 port 443
acl port563 port 563
acl TheOriginServer dst 10.10.1.100
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow port563
http_access allow port443
http_access deny port80
http_access allow TheOriginServer
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host 10.10.1.100
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy off
deny_info https://www.example.com/ port80
coredump_dir /var/spool/squid
visible_hostname www.example.com
logfile_rotate 9
Henrik Nordstrom
2007-01-09 01:05:44 UTC
Permalink
Post by Brad Taylor
How would I setup the reverse proxy to not rewrite the host name
componet?
Depends on how you set things up. If setting up Squid as a vhost then it
by default doesn't.
Post by Brad Taylor
http_port 80
https_port 443 cert=/etc/squid/example.com-11-07.pem
key=/etc/squid/example.com_key-11-07.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW
No defaultsite or vhost? Which version is this? 2.5? If so upgrade..
Post by Brad Taylor
httpd_accel_host 10.10.1.100
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy off
Ah, yes it's 2.5. Upgrade and it's easier to keep sanity...

For 2.5 set httpd_accel_host to the official name of the accelerated
site, and add it in /etc/hosts with the IP of the internal server. Or
alternatively enable httpd_accel_uses_host_header. But I strongly advice
upgrading to 2.6.

Regards
Henrik
Brad Taylor
2007-01-10 16:16:10 UTC
Permalink
Thanks.

Where I could get a Squid 2.6 RPM For Red Hat Enterprise 4?

Brad

-----Original Message-----
From: Henrik Nordstrom [mailto:***@henriknordstrom.net]
Sent: Monday, January 08, 2007 8:06 PM
To: Brad Taylor
Cc: squid-***@squid-cache.org
Subject: RE: [squid-users] Trailing Slash / Using Reverse Proxy
Post by Brad Taylor
How would I setup the reverse proxy to not rewrite the host name
componet?
Depends on how you set things up. If setting up Squid as a vhost then it
by default doesn't.
Post by Brad Taylor
http_port 80
https_port 443 cert=/etc/squid/example.com-11-07.pem
key=/etc/squid/example.com_key-11-07.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW
No defaultsite or vhost? Which version is this? 2.5? If so upgrade..
Post by Brad Taylor
httpd_accel_host 10.10.1.100
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy off
Ah, yes it's 2.5. Upgrade and it's easier to keep sanity...

For 2.5 set httpd_accel_host to the official name of the accelerated
site, and add it in /etc/hosts with the IP of the internal server. Or
alternatively enable httpd_accel_uses_host_header. But I strongly advice
upgrading to 2.6.

Regards
Henrik
Henrik Nordstrom
2007-01-10 16:43:26 UTC
Permalink
Post by Brad Taylor
Thanks.
Where I could get a Squid 2.6 RPM For Red Hat Enterprise 4?
From the personal page of the RedHat Squid package maintainer. Not
supported as part of your RHEL support agreement, but available. URL can
be found in the archives somewhere (or just Google for Squid-2.6 RHEL)

Also simply rebuilding the up to date Fedora source RPMs on RHEL should
work fine I think.

Regards
Henrik

Loading...