squid reverse proxy and .asp

Posted on 2003-03-06
Medium Priority
Last Modified: 2010-03-18
I am building a squid reverse proxy to hide a webserver behind. I have it basically working ok but when trying to do a search on our phonebook you get the error - The requested URL could not be retrieved
While trying to retrieve the URL: 

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Generated Thu, 06 Mar 2003 12:03:58 GMT by proxy.mycompany.com (Squid/2.4.STABLE7)

I am using Trustix 1.5. and below is a copy of squid.conf. I would also appreciate any other views about the proxy config as this will be internet facing..
http_port 80
visible_hostname proxy.mycompany.com
icp_port 0
cache_mem 20 MB
emulate_httpd_log on
cache_access_log /dev/null
cache_store_log /dev/null
cache_dir ufs /var/spool/squid  1000 16 256
redirect_rewrites_host_header off
acl all src
acl QUERY urlpath_regex cgi-bin \? asp
no_cache deny QUERY
acl manager proto cache_object
acl localhost src
acl localnet src
http_access allow manager localhost
http_access deny manager
acl safeports port 80
acl safemethods method GET
http_access deny !safeports
http_access deny !safemethods
http_access allow all
cache_effective_user squid
cache_effective_group squid
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
log_icp_queries off
maximum_object_size 32768 KB
maximum_object_size_in_memory 4096 KB
forwarded_for on

many thanks

Question by:eishv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8087090

Why using the squid proxy and not iptables firewall rules to do this instead ?

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination

/Hans - Erik Skyttberg

Author Comment

ID: 8087144
I want it to be able to cache the webserver to take some load of off it. the webserver needs to be able to access a database on our intranet server and the plan put forward by one of our suppliers was to have the webserver on our DMZ and map a drive to the intranet server on our LAN which is obviously madness. I proposed we use a reverse proxy sitting in our DMZ forwarding HTTP to the webserver sitting on the LAN so we don't need to allow SMB across the firewall.

Expert Comment

ID: 8087594

If you use pages that will fetch data directly from database I STRONGLY recommend against using any kind of caching in front of the webserver.

Since when the page is cached the cached page will be returned.

Let give you an example you request a page the shows current online users:

This page returns 10;

Now 5 more logs in they will still see 10 not 15, since they get the page that squid has cached.

If you do as I suggest you will still only allow http protocol on port 80 to the webserver.
This you can setup in your fierwall, I agree allowing smb through firewall is not good.

/Hans - Erik Skyttberg
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.


Author Comment

ID: 8087620
Thanks Hans, i am aware of problems with caching asp and am hoping to either fine tune the cache or disable caching of asp. I don't see any reason not to cache jpg's ect.. though.


Author Comment

ID: 8102130
I have found the solution. the search is using an http PUT which is not enabled in the squid.conf.


Expert Comment

ID: 9077724
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Accepted Solution

modulo earned 0 total points
ID: 13224015
PAQed with points refunded (75)

Community Support Moderator

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question