pfSense Support Subscription

Author Topic: Squid 3 Reverse proxy not working  (Read 3232 times)

0 Members and 1 Guest are viewing this topic.

Offline cjbujold

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-0
    • View Profile
Squid 3 Reverse proxy not working
« on: June 28, 2012, 03:41:46 pm »
I have installed Squid 3 3.1.20 pkg 2.0.5_2  and configured the reverse proxy section ( only thing I want to use) and it does not work.  No URL are being redirected.   Following is my configuration.  Please help.

Thanks
cjb

# This file is automatically generated by pfSense
# Do not edit manually !
http_port 192.168.20.1:3128
icp_port 7

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language af
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 0
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.20.0/24
httpd_suppress_version_string on
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 10 KB
offline_mode off
# No redirector configured


#Remote proxies


# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563 
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

http_access allow manager localhost
 
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc

# Reverse Proxy settings
http_port 192.168.200.133:80 accel defaultsite=accra.ca vhost
#Accra HelpDesk
cache_peer 192.168.20.15 parent 8081 0 proxy-only no-query originserver login=PASS name=AccraHelpDesk

acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$
acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$
acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$
acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk allow AccraHelpDesk
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
cache_peer_access AccraHelpDesk deny allsrc
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
never_direct allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDesk
http_access allow AccraHelpDesk


# Custom options


# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13352
  • Karma: +579/-6
    • View Profile
Re: Squid 3 Reverse proxy not working
« Reply #1 on: June 28, 2012, 04:15:43 pm »
Did you changed pfsense gui port to other then 80,443?

Can you check your config to see if there is missing a space or hosts are misconfigured?

Code: [Select]
acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.accra.ca.*$
acl AccraHelpDesk url_regex -i accra.ca/http://helpdesk.filopto.com.*$
acl AccraHelpDesk url_regex -i accra.ca/http://accrahelpdesk.accra.ca.*$
acl AccraHelpDesk url_regex -i accra.ca/http://support.accra.ca.*$

EDIT:

There are some bugs using only squid-reverse function. I'm checking and fixing it on a clean 2.0.1 install.
I'll release a fix when I get it working...
« Last Edit: June 28, 2012, 05:55:06 pm by marcelloc »

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13352
  • Karma: +579/-6
    • View Profile
Re: Squid 3 Reverse proxy not working
« Reply #2 on: June 28, 2012, 09:56:45 pm »
I've pushed some fixes, please re install the package, check mappings tab and test again.

Offline cjbujold

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-0
    • View Profile
Re: Squid 3 Reverse proxy not working
« Reply #3 on: June 30, 2012, 07:11:48 am »
answers to questions

1) no I have not set  the pfsense gui port to anything else but what is the default  port 80 & 443

2) reinstalled latest package and checked the mapping tab, see no error and nothing is being rerouted.

Nothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.

What does the ^http://www.mydomain.com/.*$  format provide more than the http://HTTP://accrahelpdesk.accra.ca ?  Should I use it  like this ^http://accrahelpdesk.accra.ca/.*$  instead of the straight URL?

Thanks for the help, Willing to try any of your fixes, just let me know.

cjb

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 13352
  • Karma: +579/-6
    • View Profile
Re: Squid 3 Reverse proxy not working
« Reply #4 on: June 30, 2012, 07:35:16 am »
1) no I have not set  the pfsense gui port to anything else but what is the default  port 80 & 443
So, change it and disable automatic redirect rule on system advanced

What does the ^http://www.mydomain.com/.*$  format provide more than the http://HTTP://accrahelpdesk.accra.ca ?  Should I use it  like this ^http://accrahelpdesk.accra.ca/.*$  instead of the straight URL?

You can use any combination, my suggestion is:
^http://accrahelpdesk.accra.ca/ or just accrahelpdesk.accra.ca

Nothing is showing in the Real time tab (log) I am presuming nothing is getting caught since I am not being redirected.
Did you enabled squid logs on proxy server config?