Squid as reverse proxy

  • Hi.

    I'd like to run Squid as a reverse proxy for multiple webservers on my LAN. The configuration was easy, I'd just added  httpd_accel_single_host off, changed the http_access rules in /usr/local/etc/squid.conf and created a firewall rule that NATs all incoming HTTP traffic to port 3128 on the local LAN interface.

    The problem is that pfSense (or Squid) seems to remove my changes to squid.conf at every reboot! I tried write-protecting the file, but that didn't help. Is there anyting else I can do to stop it from removing my changes?



  • conf-files are generated from the config.xml on reboot and on changes inthe webgui. You could store your modified files somewhere on the pfsense and copy them over the generated ones after reboot with a hidden config.xml option maybe: http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden
    Make sure to reload the services after replacing the conf files and don'T touch the webgui any more ;-)

    Or have a look at the squid package and try to add some gui elements for that function and commit it back. This would be the cleaner attempt.

  • Thanks, I'll take a look at that!

  • You should really take a look at this: http://varnish.linpro.no/

Log in to reply