Squid 3 Reverse proxy not working
-
I have installed Squid 3 3.1.20 pkg 2.0.5_2 and configured the reverse proxy section ( only thing I want to use) and it does not work. No URL are being redirected. Following is my configuration. Please help.
Thanks
cjbThis file is automatically generated by pfSense
Do not edit manually !
http_port 192.168.20.1:3128
icp_port 7pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language af
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 0
shutdown_lifetime 3 secondsAllow local network(s) on interface(s)
acl localnet src 192.168.20.0/24
httpd_suppress_version_string on
uri_whitespace stripacl dynamic urlpath_regex cgi-bin ?
cache deny dynamic
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 10 KB
offline_mode offNo redirector configured
#Remote proxies
Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECThttp_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslportsAlways allow localhost connections
http_access allow localhost
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrcReverse Proxy settings
http_port 192.168.200.133:80 accel defaultsite=accra.ca vhost
#Accra HelpDesk
cache_peer 192.168.20.15 parent 8081 0 proxy-only no-query originserver login=PASS name=AccraHelpDeskacl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.$
acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.$
acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.$
acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.$
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDeskCustom options
Setup allowed acls
Allow local network(s) on interface(s)
http_access allow localnet
Default block all to be sure
http_access deny allsrc
-
Did you changed pfsense gui port to other then 80,443?
Can you check your config to see if there is missing a space or hosts are misconfigured?
acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$ acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$ acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$ acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$EDIT:
There are some bugs using only squid-reverse function. I'm checking and fixing it on a clean 2.0.1 install.
I'll release a fix when I get it working… -
I've pushed some fixes, please re install the package, check mappings tab and test again.
-
answers to questions
-
no I have not set the pfsense gui port to anything else but what is the default port 80 & 443
-
reinstalled latest package and checked the mapping tab, see no error and nothing is being rerouted.
Nothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.
What does the ^http://www.mydomain.com/.$ format provide more than the HTTP://accrahelpdesk.accra.ca ? Should I use it like this ^http://accrahelpdesk.accra.ca/.$ instead of the straight URL?
Thanks for the help, Willing to try any of your fixes, just let me know.
cjb
-
-
- no I have not set the pfsense gui port to anything else but what is the default port 80 & 443
So, change it and disable automatic redirect rule on system advanced
What does the ^http://www.mydomain.com/.$ format provide more than the HTTP://accrahelpdesk.accra.ca ? Should I use it like this ^http://accrahelpdesk.accra.ca/.$ instead of the straight URL?
You can use any combination, my suggestion is:
^http://accrahelpdesk.accra.ca/ or just accrahelpdesk.accra.caNothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.
Did you enabled squid logs on proxy server config?
