Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid 3 Reverse proxy not working

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cjbujold
      last edited by

      I have installed Squid 3 3.1.20 pkg 2.0.5_2  and configured the reverse proxy section ( only thing I want to use) and it does not work.  No URL are being redirected.  Following is my configuration.  Please help.

      Thanks
      cjb

      This file is automatically generated by pfSense

      Do not edit manually !

      http_port 192.168.20.1:3128
      icp_port 7

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_default_language af
      icon_directory /usr/local/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      sslcrtd_children 0
      logfile_rotate 0
      shutdown_lifetime 3 seconds

      Allow local network(s) on interface(s)

      acl localnet src  192.168.20.0/24
      httpd_suppress_version_string on
      uri_whitespace strip

      acl dynamic urlpath_regex cgi-bin ?
      cache deny dynamic
      cache_mem 8 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 100 16 256
      minimum_object_size 0 KB
      maximum_object_size 10 KB
      offline_mode off

      No redirector configured

      #Remote proxies

      Setup some default acls

      acl allsrc src all
      acl localhost src 127.0.0.1/32
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
      acl sslports port 443 563 
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT

      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow allsrc

      Reverse Proxy settings

      http_port 192.168.200.133:80 accel defaultsite=accra.ca vhost
      #Accra HelpDesk
      cache_peer 192.168.20.15 parent 8081 0 proxy-only no-query originserver login=PASS name=AccraHelpDesk

      acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.$
      acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.
      $
      acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.$
      acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.
      $
      cache_peer_access AccraHelpDesk allow AccraHelpDesk
      cache_peer_access AccraHelpDesk allow AccraHelpDesk
      cache_peer_access AccraHelpDesk allow AccraHelpDesk
      cache_peer_access AccraHelpDesk allow AccraHelpDesk
      cache_peer_access AccraHelpDesk deny allsrc
      cache_peer_access AccraHelpDesk deny allsrc
      cache_peer_access AccraHelpDesk deny allsrc
      cache_peer_access AccraHelpDesk deny allsrc
      never_direct allow AccraHelpDesk
      never_direct allow AccraHelpDesk
      never_direct allow AccraHelpDesk
      never_direct allow AccraHelpDesk
      http_access allow AccraHelpDesk
      http_access allow AccraHelpDesk
      http_access allow AccraHelpDesk
      http_access allow AccraHelpDesk

      Custom options

      Setup allowed acls

      Allow local network(s) on interface(s)

      http_access allow localnet

      Default block all to be sure

      http_access deny allsrc

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Did you changed pfsense gui port to other then 80,443?

        Can you check your config to see if there is missing a space or hosts are misconfigured?

        acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$
        acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$
        acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$
        acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$
        

        EDIT:

        There are some bugs using only squid-reverse function. I'm checking and fixing it on a clean 2.0.1 install.
        I'll release a fix when I get it working…

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          I've pushed some fixes, please re install the package, check mappings tab and test again.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • C
            cjbujold
            last edited by

            answers to questions

            1. no I have not set  the pfsense gui port to anything else but what is the default  port 80 & 443

            2. reinstalled latest package and checked the mapping tab, see no error and nothing is being rerouted.

            Nothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.

            What does the ^http://www.mydomain.com/.$  format provide more than the HTTP://accrahelpdesk.accra.ca ?  Should I use it  like this ^http://accrahelpdesk.accra.ca/.$  instead of the straight URL?

            Thanks for the help, Willing to try any of your fixes, just let me know.

            cjb

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              @cjbujold:

              1. no I have not set  the pfsense gui port to anything else but what is the default  port 80 & 443

              So, change it and disable automatic redirect rule on system advanced

              @cjbujold:

              What does the ^http://www.mydomain.com/.$  format provide more than the HTTP://accrahelpdesk.accra.ca ?  Should I use it  like this ^http://accrahelpdesk.accra.ca/.$  instead of the straight URL?

              You can use any combination, my suggestion is:
              ^http://accrahelpdesk.accra.ca/ or just accrahelpdesk.accra.ca

              @cjbujold:

              Nothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.

              Did you enabled squid logs on proxy server config?

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.