Re: How to use parent for all but some top-level domains?

From: Santeri Paavolainen <>
Date: Fri, 6 Feb 1998 11:48:41 +0200 (EET)

On Wed, 4 Feb 1998, Bill Wichers wrote:
> > The question is how can I force Squid to fetch
> >
> > all ".fi" via DIRECT, and
> > all others via DEFAULT_PARENT?
> >
> > I have tried putting ".fi" and "fi" to inside_firewall, local_domains,
>
> If you aren't required to use a firewall, then you need only enter the
> line `cache_host_domain your.isps.parent.cache !.fi` in the squid.conf. IF
> you do have to use a firewall, then you'll need to put that line in the
> config file for your http firewall (probably with some translation if your
> firewall doesn't run squid :-). Squid has no control over how a firewall
> fetches objects for it. No one has implemented source routing in cache
> protocols yet as far as I know ;-)

(BTW, the squid version is "Squid Cache: Version 1.1.20")

I don't quite understand this. I do have the cache_host_domain already as
you described, and firewall allows connections from the cache host (so
there's no http-gw in the firewall, the squid can fetch any object DIRECT
if it wants to). But:

        886748379.941 8782 ERR_CANNOT_FETCH/400 919 GET - NO_DIRECT_FAIL/ -


        No peers to query and the host is beyond your firewall.

The problem really seems to be that there is a firewall, and I want it to
access any address inside the firewall DIRECT too (I didn't tell this in
the original mail, sorry), so the whole thing should be like:

        all ".fi" DIRECT
        all "inside firewall" DIRECT
        all others DEFAULT_PARENT

Okay, so I'm testing now the following configuration:

        cache_host parent 800 3130 no-query default
        cache_host_domain !.fi

and there are *no* inside_firewall, local_domain, local_ip or
firewall_ip defined. So, I try to access the following URLs (our local
address, a .fi address and an international address -- the file is
bogus to force squid to fetch it not from the cache), from access log:

        886749652.883 7292 TCP_MISS/404 946 GET - DIRECT/ text/html
        886749663.819 8450 TCP_MISS/404 289 GET - DIRECT/ text/html
        886749680.265 7717 TCP_MISS/404 350 GET - DIRECT/ text/html

(Why is squid using DIRECT when there is a default parent defined ??)

All are done DIRECT -- I would have expected that would have
been the only DIRECT and rest through DEFAULT_PARENT. By testing some
variants I can say that the problem is not with cache_host_domain (no
change in behaviour if I added .com or deleted the whole line). When I


and I get:

        886750402.720 7450 TCP_MISS/404 946 GET - DIRECT/ text/html
        886750411.153 6995 TCP_MISS/200 1624 GET - DEFAULT_PARENT/ text/html
        886750420.068 8280 TCP_MISS/404 350 GET - DEFAULT_PARENT/ text/html

so, which is listed in inside_firewall is fetched DIRECT as
it should, is fetched from DEFAULT_PARENT but
isn't DIRECT. Back to the drawing board, I add the cache_host_domain

        cache_host_domain !.fi

and the results:

        886750540.088 9429 TCP_MISS/404 946 GET - DIRECT/ text/html
        886750549.959 6250 ERR_CANNOT_FETCH/400 923 GET - NO_DIRECT_FAIL/ -
        886750558.374 7756 TCP_MISS/404 350 GET - DEFAULT_PARENT/ text/html

and are correct, but now I get the ominous

        No peers to query and the host is beyond your firewall.

for, so I have come the full circle back to the original
question I posted. I *really* do not understand what is going on here.

(I'll try an alternative approach, which works ok, but I'd like to know
how to get this done just with squid itself.)

