Re: Disable direct accesses

From: Nico Tranquilli <>
Date: Tue, 8 Apr 1997 10:38:11 +0200 (MDT)

You, Diva Duarte Neves, wrote:

> Dear friends:

> We have an hierarchical structure of caching proxies, running
> SQUID-1.1.9 and using several traffic priorities to access international
> sites. The top caching servers have the highest priority and the others
> have the lower. The reason to adopt the policy is to force the central
> proxies and the complete congestion of internacional links. Our problem
> is the following:

> Frequently, the servers on the second level or under of the structure
> try to connect remote sites DIRECTLY, despite we have already defined
> that primary server should be used as PASSTHROUGH_PROXY and defined
> null values to HIERARCHY_STOPLIST. As I see on the documentation
> included on the configuration file, the passthrough_proxy server is the
> "the name of a 'cache_host' listed above, or a hostname and port number
> where all non-GET (i.e. POST, PUT) requests should be forwarded to."

> In any situations, we cannot support DIRECTLY connections to remote
> sites from servers located on the second level of the structure,
> because they have a potential probability to reach TIMEOUTs.

> How to force that all requests must go to the primary level servers, in
> any situations?

> Could anyone help me on this subject?
> Any help we be appreciated. Thanks in advance.

You may set the inside_firewall option to none so that all requests are
resolved through neighbor (siblings and parents) proxies.i... but
this way your top level proxy would become a single point of failure since
your second level proxies won't fetch objects directly if its parents are
down... Without that squid sometimes still fetches objects directly even though
source_ping is off and parents are weighted with are very high values...
How come Duane ?


Nico Tranquilli
CINECA - Interuniversity Computing Centre
Networks and Distributed Systems group
phone: +39 (51) 6171519
Received on Tue Apr 08 1997 - 01:50:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:57 MST