# Squid configuration for reverse-proxy
#
# Squid listens on the public address, rewrites URLs through an external
# redirector, and forwards the hosted domains to a Zope instance on
# localhost:8080 as a cache peer.
#
# NOTE(review): httpd_accel_* and redirect_* are the older accelerator
# directive names; later Squid releases express the same setup through
# http_port options and url_rewrite_program. Check against the installed
# version before reusing this file.

# Listen on HTTP port
http_port 1.2.3.4:80

# Enable HTTP acceleration: act like an HTTP server handling
# relative paths in HTTP GET/POST requests. 'virtual' means
# to use the Host header.
#
# The Host header is supplied by the client, so with 'virtual' the
# destination of a request is chosen by the client unless the ACLs and the
# redirector below narrow it.
httpd_accel_host virtual

# Prepend Host header value to URL before handing to redirector
#
# NOTE(review): the redirector therefore receives URLs built from an
# unvalidated Host header. Confirm that squid-redir2 (not shown here) only
# maps hosts this site actually serves.
httpd_accel_uses_host_header on

# Run redirector program to map URLs. Note that http_access
# ACLs apply only to the original URLs as squid received them,
# not the URLs resulting from redirection.
#
# Consequence: the redirector's output is not re-checked by http_access, so
# any limit on where rewritten requests may go has to be enforced by the
# redirector itself or by the never_direct / cache_peer_access rules below.
redirect_program /usr/local/bin/squid-redir2
# Number of redirector processes to run.
redirect_children 4

# Pass Host header verbatim to backend server; otherwise it
# gets the result of the redirect_program.
redirect_rewrites_host_header off

# ACLs describing this proxy's own listening port and address.
acl self_port port 80
acl self_dst dst 1.2.3.4

# Deny access to any but the WWW port. [Is this useful? Will
# the port be anything other than 80 in http_accel mode?]
http_access deny !self_port

# Do not forward/proxy in a loop back to ourselves. Such loops
# should only occur when we fail to modify the URL in the
# redirector or fail to match the cache_peer patterns -- a screw
# up. Squid catches such loops itself but the consequent
# cache.log entry is noisy. We still get a "Failed to select
# source" log entry in such cases.
never_direct allow self_dst self_port

# Proxy requests to Zope for particular domain names.
#
# All requests, including those that were changed by the redirector,
# are considered here. By explicitly allowing only the Zope-hosted
# domains, all other requests are proxied directly to the URL given by
# redirection (if any).
#
# Note that messages forwarded to Zope as the cache_peer are
# sent transparently. If the redirector didn't change them,
# Zope gets the message exactly as squid received it (except for
# the originating IP address), as if Zope were running on port
# 80.
#
# All messages proxied through this cache peer are flagged as
# '*_PARENT/localhost' in access.log.
#
# Peer definition: parent peer on localhost, HTTP port 8080, ICP port 0,
# with ICP queries disabled (no-query) and used as the default parent.
#
# NOTE(review): because Zope sees the proxy's address rather than the
# client's, any address-based restriction on the Zope side sees only the
# proxy. Also, requests outside zope_domain go direct to whatever URL the
# redirector produced, so the redirector is the only visible control on
# those destinations.
cache_peer localhost parent 8080 0 no-query default
acl zope_domain dstdomain example.com
acl zope_domain dstdomain www.example.com
# The next line is an elision in the original listing, presumably standing
# for further zope_domain entries; it is not a Squid directive and must be
# replaced before use.
...
cache_peer_access localhost allow zope_domain

# Deny any other HTTP use
#
# 'src 0/0' matches every client address, so this is a catch-all deny.
# NOTE(review): no 'http_access allow' rule is visible in this listing; as
# shown, this rule matches every request that passed the port check above.
# Confirm where the allow rule for the hosted domains is defined, and keep
# it restricted to those domains rather than to all sources.
acl other_http src 0/0
http_access deny other_http