[Zope] Squid redirector script
Fred Yankowski
fred at ontosys.com
Tue Jan 6 11:26:13 EST 2004
On Tue, Jan 06, 2004 at 04:02:00PM +0100, Ken wrote:
> The howtos I have read are just not clear enough for me about the
> redirector script/program needed to rewrite URLs. Must I install a
> program like Squirm or pyredir just to change incoming requests for
> 'http://mysite.com' to 'http://123.45.678.9:81/somedir'? Or can this
> be done with one line in squid.conf (I hope)?
I use a single squid instance as an accelerator front-end to a Zope
instance that handles several virtual hosts (via VHM), using squid's
"cache_peer" mechanism. In your case the most pertinent config lines
would be something like this:

    cache_peer localhost parent 81 0 no-query default
    cache_peer_access localhost allow mysite.com

That way squid forwards to zope (port 81 on localhost) all HTTP
traffic destined for the 'mysite.com' virtual host.
Other squid HTTP-acceleration parameters must also be set as usual for
this to work. (I think -- my squid instance also uses a
'redirect_program' to forward some traffic to back-end HTTP servers
other than Zope and I forget which config parameters apply to
redirection and which to cache-peering.)
I'll attach a sanitized version of my config file to this note.
BEWARE: this truncated configuration might have security holes.
--
Fred Yankowski fred at ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
-------------- next part --------------
# Squid configuration for reverse-proxy
# Listen on HTTP port
http_port 1.2.3.4:80
# Enable HTTP acceleration: act like an HTTP server handling
# relative paths in HTTP GET/POST requests. 'virtual' means
# to use the Host header.
httpd_accel_host virtual
# Prepend Host header value to URL before handing to redirector
httpd_accel_uses_host_header on
# Run redirector program to map URLs. Note that http_access
# ACLs apply only to the original URLs as squid received them,
# not the URLs resulting from redirection.
redirect_program /usr/local/bin/squid-redir2
redirect_children 4
# Pass Host header verbatim to backend server; otherwise it
# gets the result of the redirect_program.
redirect_rewrites_host_header off
acl self_port port 80
acl self_dst dst 1.2.3.4
# Deny access to any but the WWW port. [Is this useful? Will
# the port be anything other than 80 in http_accel mode?]
http_access deny !self_port
# Do not forward/proxy in a loop back to ourself. Such loops
# should only occur when we fail to modify the URL in the
# redirector or fail to match the cache_peer patterns -- a screw
# up. Squid catches such loops itself but the consequent
# cache.log entry is noisy. We still get a "Failed to select
# source" log entry in such cases.
never_direct allow self_dst self_port
# Proxy requests to Zope for particular domain names.
#
# All requests, including those that were changed by the redirector,
# are considered here. By explicitly allowing only the Zope-hosted
# domains, all other requests are proxied directly to the URL given by
# redirection (if any).
#
# Note that messages forwarded to Zope as the cache_peer are
# sent transparently. If the redirector didn't change them,
# Zope gets the message exactly as squid received it (except for
# the originating IP address), as if Zope were running on port
# 80.
#
# All messages proxied through this cache peer are flagged as
# '*_PARENT/localhost' in access.log.
#
cache_peer localhost parent 8080 0 no-query default
acl zope_domain dstdomain example.com
acl zope_domain dstdomain www.example.com
...
cache_peer_access localhost allow zope_domain
# Deny any other HTTP use
acl other_http src 0/0
http_access deny other_http
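
The attached config notes that http_access ACLs see only the original URL, not the one the redirect_program returns, so the redirector itself has to constrain where requests can be sent. The sketch below is an added example, not the squid-redir2 program from the post (which is not shown). It assumes the classic redirector line format `URL client_ip/fqdn ident method` with a blank reply meaning "leave unchanged", and the host table and back-end addresses are constructed.

```python
#!/usr/bin/env python3
"""Allowlist-based squid redirector (illustrative; hosts/back-ends are constructed)."""
import sys
from urllib.parse import urlsplit, urlunsplit

# Constructed mapping (assumption): exact virtual host -> fixed back-end origin.
# Hosts served by the Zope cache_peer are deliberately absent, so they pass
# through unchanged and are picked up by cache_peer_access instead.
BACKENDS = {
    "static.example.org": ("http", "127.0.0.1:8081"),
    "legacy.example.org": ("http", "10.0.0.5:8000"),
}


def rewrite(line):
    """Return the rewritten URL for one request line, or '' (no change)."""
    fields = line.split()
    if not fields:
        return ""
    try:
        parts = urlsplit(fields[0])
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. an unbalanced '[' in the host
        return ""
    # Exact-match lookup: no suffix or substring matching on the Host value.
    if parts.scheme != "http" or host not in BACKENDS:
        return ""
    scheme, netloc = BACKENDS[host]
    # Only path and query are taken from the request; scheme, host and port
    # always come from the table, because squid's http_access rules are not
    # re-applied to the URL returned here.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def main():
    # One reply line per request line, flushed immediately so squid's
    # redirect_children helpers never stall on buffered output.
    for line in iter(sys.stdin.readline, ""):
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```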