{"id":47,"date":"2009-05-23T23:10:04","date_gmt":"2009-05-23T15:10:04","guid":{"rendered":"http:\/\/karyleong.net\/?p=47"},"modified":"2009-05-23T23:10:04","modified_gmt":"2009-05-23T15:10:04","slug":"reverse-proxy-configuration","status":"publish","type":"post","link":"https:\/\/karyleong.net\/?p=47","title":{"rendered":"Reverse Proxy Configuration"},"content":{"rendered":"<h2>Squid + CentOS 5<\/h2>\n<p>Below config will make the proxy server point to one local web server.<\/p>\n<p><span style=\"color: #000080;\">#on 80 port load default site content<br \/>\nhttp_port 80 vhost defaultsite=192.168.10.23<\/span><\/p>\n<p><span style=\"color: #000080;\">#on 443 SSL port load default site content and using the given cert and key<br \/>\nhttps_port 443 defaultsite=192.168.10.23 cert=\/etc\/squid\/server.crt key=\/etc\/squid\/server.key<\/span><\/p>\n<p><span style=\"color: #000080;\">#cache the given IP content on port 80 and pass the HTTP auth info<br \/>\ncache_peer 192.168.10.23 parent 80 0 no-query originserver login=PASS<\/span><\/p>\n<p>hierarchy_stoplist cgi-bin ?<br \/>\nacl QUERY urlpath_regex cgi-bin \\?<br \/>\ncache deny QUERY<br \/>\nacl apache rep_header Server ^Apache<br \/>\nbroken_vary_encoding allow apache<br \/>\naccess_log \/var\/log\/squid\/access.log squid<br \/>\nrefresh_pattern ^ftp:\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 1440\u00a0\u00a0\u00a0 20%\u00a0\u00a0\u00a0 10080<br \/>\nrefresh_pattern ^gopher:\u00a0\u00a0\u00a0 1440\u00a0\u00a0\u00a0 0%\u00a0\u00a0\u00a0 1440<br \/>\nrefresh_pattern .\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 0\u00a0\u00a0\u00a0 20%\u00a0\u00a0\u00a0 4320<br \/>\nacl all src 0.0.0.0\/0.0.0.0<br \/>\nacl manager proto cache_object<br \/>\nacl localhost src 127.0.0.1\/255.255.255.255<\/p>\n<p><span style=\"color: #000080;\">#create the local LAN address for allow access<br \/>\nacl locallan src 192.168.10.0\/255.255.255.0<\/span><\/p>\n<p>acl to_localhost dst 127.0.0.0\/8<br \/>\nacl SSL_ports port 443<br \/>\nacl Safe_ports port 80\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # http<br \/>\nacl Safe_ports port 21\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # ftp<br \/>\nacl Safe_ports port 443\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # https<br \/>\nacl Safe_ports port 70\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # gopher<br \/>\nacl Safe_ports port 210\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # wais<br \/>\nacl Safe_ports port 1025-65535\u00a0\u00a0\u00a0 # unregistered ports<br \/>\nacl Safe_ports port 280\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # http-mgmt<br \/>\nacl Safe_ports port 488\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # gss-http<br \/>\nacl Safe_ports port 591\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # filemaker<br \/>\nacl Safe_ports port 777\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 # multiling http<br \/>\nacl CONNECT method CONNECT<br \/>\nhttp_access allow manager localhost<\/p>\n<p><span style=\"color: #000080;\">#apply local LAN to allow access list<br \/>\nhttp_access allow locallan<\/span><\/p>\n<p>http_access deny manager<br \/>\nhttp_access deny !Safe_ports<br \/>\nhttp_access deny CONNECT !SSL_ports<br \/>\nhttp_access allow localhost<br \/>\nhttp_access deny all<br \/>\nhttp_reply_access allow all<br \/>\nicp_access allow all<br \/>\ncoredump_dir \/var\/spool\/squid<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Squid + CentOS 5 Below config will make the proxy server point to one local web server. #on 80 port load default site content http_port 80 vhost defaultsite=192.168.10.23 #on 443 SSL port load default site content and using the given cert and key https_port 443 defaultsite=192.168.10.23 cert=\/etc\/squid\/server.crt key=\/etc\/squid\/server.key #cache the given IP content on port &#8230; <a title=\"Reverse Proxy Configuration\" class=\"read-more\" href=\"https:\/\/karyleong.net\/?p=47\" aria-label=\"More on Reverse Proxy Configuration\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/posts\/47"}],"collection":[{"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/karyleong.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47"}],"version-history":[{"count":2,"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/posts\/47\/revisions"}],"predecessor-version":[{"id":49,"href":"https:\/\/karyleong.net\/index.php?rest_route=\/wp\/v2\/posts\/47\/revisions\/49"}],"wp:attachment":[{"href":"https:\/\/karyleong.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/karyleong.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/karyleong.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}