Versions Compared

Comment: Migration of unmigrated content due to installation of a new plugin

...

Install Squid:

{code}
yum -y install squid
{code}

In httpd.conf, make sure the Apache server only listens to port 80 on the localhost interface:

{code}
Listen 127.0.0.1:80
{code}

If using Touchstone, then also add the following to the end of httpd.conf:

{code}
ProxyPass /Shibboleth.sso/ https://idp.mit.edu/Shibboleth.sso/
ProxyPassReverse /Shibboleth.sso/ https://idp.mit.edu/Shibboleth.sso/
ProxyPass /Touchstone/ https://idp.mit.edu/Touchstone/
ProxyPassReverse /Touchstone/ https://idp.mit.edu/Touchstone/
{code}

In squid.conf, make sure the following items are set as described:

{code}
http_port ist-prod-pubs1.mit.edu:80 defaultsite=ist.mit.edu vhost
http_access allow all
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Accelerator
{code}

Restart the Apache server:

{code}
/etc/init.d/web restart
{code}

If using Touchstone, then restart shibd:

{code}
/etc/init.d/shibd restart
{code}

I have an "http_access allow all" directive in my configuration, in this instance. In the case of a regular web proxy, for use with clients connecting to a proxy for outbound requests, this would be a very bad idea. However, in this case we are proxying inbound requests to our Apache server only. By specifying the parent server as our Apache server, we have restricted the connections our cache can make, so that it can only connect to our Apache server. Further, we didn't want to restrict inbound traffic, on the premise that our users could be from anywhere. It should be possible to put a restriction in place that restricts, with ACLs, the outbound side of the request. Again, though, it would have no practical effect, as all requests are forced to our Apache server anyhow, through the parent directive. As our Apache server is not configured as an open proxy (or indeed, any form of proxy at all) the only sites users can access through our proxy are those served by our own Apache server, which is exactly the configuration we want.
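The reasoning above can be turned into a check run against a squid.conf. This is an added example, not part of the original page: it flags "http_access allow all" unless every http_port is an accelerator port and a parent originserver peer is defined. The `audit` function, its rules and the second sample config are assumptions made for illustration; `allow-direct` is Squid's http_port option that permits direct forwarding in accelerator mode.

```python
# Constructed sample: the squid.conf directives shown on this page.
PAGE_CONF = """\
http_port ist-prod-pubs1.mit.edu:80 defaultsite=ist.mit.edu vhost
http_access allow all
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=Accelerator
"""

# Constructed counter-example: a forward proxy carrying the same allow-all rule.
FORWARD_CONF = """\
http_port 3128
http_access allow all
"""

# Assumption: vhost/defaultsite= on an http_port line indicate accelerator
# mode, as in this page's config.
ACCEL_OPTS = ("accel", "vhost", "defaultsite=")


def directives(text):
    """Yield (name, args) for each non-empty, non-comment squid.conf line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args


def audit(text):
    """Return reasons why 'http_access allow all' is unsafe in this config."""
    conf = list(directives(text))
    if ("http_access", ["allow", "all"]) not in conf:
        return []
    findings = []
    for name, args in conf:
        if name != "http_port":
            continue
        opts = args[1:]
        if not any(o.startswith(ACCEL_OPTS) for o in opts):
            findings.append(f"http_port {args[0]}: not an accelerator port")
        if "allow-direct" in opts:
            findings.append(f"http_port {args[0]}: allow-direct bypasses the parent")
    peers = [a for n, a in conf if n == "cache_peer"]
    if not any(a[1:2] == ["parent"] and "originserver" in a for a in peers):
        findings.append("no 'cache_peer <host> parent ... originserver' defined")
    return findings


if __name__ == "__main__":
    for label, conf in (("page config", PAGE_CONF), ("forward proxy", FORWARD_CONF)):
        print(label, "->", audit(conf) or "allow all is confined to the origin")
```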

...