Squid 3 Reverse proxy not working



  • I have installed Squid 3 3.1.20 pkg 2.0.5_2 and configured the reverse proxy section (the only thing I want to use) and it does not work. No URLs are being redirected. The following is my configuration. Please help.

    Thanks
    cjb

    # This file is automatically generated by pfSense
    # Do not edit manually !

    http_port 192.168.20.1:3128
    icp_port 7

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language af
    icon_directory /usr/local/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    sslcrtd_children 0
    logfile_rotate 0
    shutdown_lifetime 3 seconds

    # Allow local network(s) on interface(s)

    acl localnet src  192.168.20.0/24
    httpd_suppress_version_string on
    uri_whitespace strip

    acl dynamic urlpath_regex cgi-bin \?
    cache deny dynamic
    cache_mem 8 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 100 16 256
    minimum_object_size 0 KB
    maximum_object_size 10 KB
    offline_mode off

    # No redirector configured

    #Remote proxies

    # Setup some default acls

    acl allsrc src all
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563 
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT

    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    # Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc

    # Reverse Proxy settings

    http_port 192.168.200.133:80 accel defaultsite=accra.ca vhost
    #Accra HelpDesk
    cache_peer 192.168.20.15 parent 8081 0 proxy-only no-query originserver login=PASS name=AccraHelpDesk

    acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$
    cache_peer_access AccraHelpDesk allow AccraHelpDesk
    cache_peer_access AccraHelpDesk allow AccraHelpDesk
    cache_peer_access AccraHelpDesk allow AccraHelpDesk
    cache_peer_access AccraHelpDesk allow AccraHelpDesk
    cache_peer_access AccraHelpDesk deny allsrc
    cache_peer_access AccraHelpDesk deny allsrc
    cache_peer_access AccraHelpDesk deny allsrc
    cache_peer_access AccraHelpDesk deny allsrc
    never_direct allow AccraHelpDesk
    never_direct allow AccraHelpDesk
    never_direct allow AccraHelpDesk
    never_direct allow AccraHelpDesk
    http_access allow AccraHelpDesk
    http_access allow AccraHelpDesk
    http_access allow AccraHelpDesk
    http_access allow AccraHelpDesk

    # Custom options

    # Setup allowed acls

    # Allow local network(s) on interface(s)

    http_access allow localnet

    # Default block all to be sure

    http_access deny allsrc



  • Did you change the pfSense GUI port to something other than 80,443?

    Can you check your config to see if there is a missing space or if hosts are misconfigured?

    acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$
    acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$
    

    EDIT:

    There are some bugs using only squid-reverse function. I'm checking and fixing it on a clean 2.0.1 install.
    I'll release a fix when I get it working…



  • I've pushed some fixes. Please reinstall the package, check the mappings tab and test again.



  • Answers to questions

    1. No, I have not set the pfSense GUI port to anything other than the default, ports 80 & 443.

    2. Reinstalled the latest package and checked the mapping tab; I see no error and nothing is being rerouted.

    Nothing is showing in the Real time tab (log). I am presuming nothing is getting caught since I am not being redirected.

    What does the ^http://www.mydomain.com/.$ format provide more than the HTTP://accrahelpdesk.accra.ca ? Should I use it like this ^http://accrahelpdesk.accra.ca/.$ instead of the straight URL?

    Thanks for the help. Willing to try any of your fixes, just let me know.

    cjb



  • @cjbujold:

    1. No, I have not set the pfSense GUI port to anything other than the default, ports 80 & 443.

    So, change it and disable the automatic redirect rule on System Advanced.

    @cjbujold:

    What does the ^http://www.mydomain.com/.$  format provide more than the HTTP://accrahelpdesk.accra.ca ?  Should I use it  like this ^http://accrahelpdesk.accra.ca/.$  instead of the straight URL?

    You can use any combination, my suggestion is:
    ^http://accrahelpdesk.accra.ca/ or just accrahelpdesk.accra.ca

    @cjbujold:

    Nothing is showing in the Real time tab (log). I am presuming nothing is getting caught since I am not being redirected.

    Did you enable Squid logs in the proxy server config?
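
On the question of what `^http://accrahelpdesk.accra.ca/` adds over the bare hostname: the following is an added example, not code from the thread or the pfSense package, that checks four ACL patterns against constructed request URLs. It assumes Python's `re` behaves like Squid's `url_regex -i` for these simple patterns and that the accel port sees URLs in `http://host/path` form; the `escaped` pattern is a stricter variant introduced here.

```python
import re

# ACL patterns: the first three appear in the thread; "escaped" is an added,
# stricter variant (literal dots) and is an assumption of this example.
PATTERNS = {
    "posted":   r"accra.ca/http://accrahelpdesk.accra.ca.*$",
    "bare":     r"accrahelpdesk.accra.ca",
    "anchored": r"^http://accrahelpdesk.accra.ca/",
    "escaped":  r"^http://accrahelpdesk\.accra\.ca/",
}

# Constructed request URLs, in the form a vhost accel port would rebuild
# them from the Host header and request path.
URLS = {
    "site":      "http://accrahelpdesk.accra.ca/",
    "deep":      "http://AccraHelpDesk.accra.ca/tickets?id=1",
    "in_query":  "http://other.example/?next=accrahelpdesk.accra.ca",
    "lookalike": "http://accrahelpdesk-accra.ca/",
}


def acl_matches(pattern: str, url: str) -> bool:
    """Unanchored, case-insensitive search, approximating `url_regex -i`."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def match_table() -> dict:
    """Return {pattern_name: {url_name: matched}} for every combination."""
    return {
        p_name: {u_name: acl_matches(rx, url) for u_name, url in URLS.items()}
        for p_name, rx in PATTERNS.items()
    }


if __name__ == "__main__":
    print(f"{'pattern':<10}" + "".join(f"{u:<11}" for u in URLS))
    for name, row in match_table().items():
        print(f"{name:<10}" + "".join(f"{str(hit):<11}" for hit in row.values()))
```

The posted pattern matches none of the URLs because a request URL never contains `accra.ca/http://`; the bare hostname matches all four, including URLs for other hosts, so the anchored form with escaped dots is the only one that matches just the intended site.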

