Re: How to use parent for all but some top-level domains?

From: Santeri Paavolainen <santtu@dont-contact.us>
Date: Fri, 6 Feb 1998 11:48:41 +0200 (EET)

On Wed, 4 Feb 1998, Bill Wichers wrote:
> > The question is how can I force Squid to fetch
> >
> > all ".fi" via DIRECT, and
> > all others via DEFAULT_PARENT?
> >
> > I have tried putting ".fi" and "fi" to inside_firewall, local_domains,
>
> If you aren't required to use a firewall, then you need only enter the
> line `cache_host_domain your.isps.parent.cache !.fi` in the squid.conf. IF
> you do have to use a firewall, then you'll need to put that line in the
> config file for your http firewall (probably with some translation if your
> firewall doesn't run squid :-). Squid has no control over how a firewall
> fetches objects for it. No one has implented source routing in cache
> protocols yet as far as I know ;-)

(BTW, the squid version is "Squid Cache: Version 1.1.20")

I don't quite understand this. I do have the cache_host_domain already as
you described, and firewall allows connections from the cache host (so
there's no http-gw in the firewall, the squid can fetch any object DIRECT
if it wants to). But:

        886748379.941 8782 127.0.0.1 ERR_CANNOT_FETCH/400 919 GET http://www.fi/ - NO_DIRECT_FAIL/www.fi -

eg.

        No peers to query and the host is beyond your firewall.

The problem really seems to be that there is a firewall, and I want it to
access any address inside the firewall DIRECT too (I didn't tell this in
the original mail, sorry), so the whole things should be like:

        all ".fi" DIRECT
        all "inside firewall" DIRECT
        all others DEFAULT_PARENT

Okay, so I'm testing now the following configuration:

        cache_host www-cache.eunet.fi parent 800 3130 no-query default
        cache_host_domain www-cache.eunet.fi !.fi

and there are *no* inside_firewall, local_domain, local_ip or
firewall_ip defined. So, I try to access the following URLs (our local
address, a .fi address and an international address -- the file is
bogus to force squid to fetch it not from the cache), from access log:

        886749652.883 7292 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/x - DIRECT/duuni.net text/html
        886749663.819 8450 127.0.0.1 TCP_MISS/404 289 GET http://www.fi/x - DIRECT/www.fi text/html
        886749680.265 7717 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/x - DIRECT/www.netscape.com text/html

(Why is squid using DIRECT when there is a default parent defined ??)

All are done DIRECT -- I would have expected that www.fi would have
been the only DIRECT and rest through DEFAULT_PARENT. By testing some
variants I can say that the problems is not with cache_host_domain (no
change in behaviour if I added .com or deleted the whole line). When I
added:

        inside_firewall satama.com duuni.net ura.net hima.net tothepoint.fi

and I get:

        886750402.720 7450 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/yy - DIRECT/duuni.net text/html
        886750411.153 6995 127.0.0.1 TCP_MISS/200 1624 GET http://www.fi/yy - DEFAULT_PARENT/www-cache.eunet.fi text/html
        886750420.068 8280 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/yy - DEFAULT_PARENT/www-cache.eunet.fi text/html

so, duuni.net which is listed in inside_firewall is fetched DIRECT as
it should, www.netscape.com is fetched from DEFAULT_PARENT but www.fi
isn't DIRECT. Back to the drawing board, I add the cache_host_domain
back:

        cache_host_domain www-cache.eunet.fi !.fi

and the results:

        886750540.088 9429 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/aa - DIRECT/duuni.net text/html
        886750549.959 6250 127.0.0.1 ERR_CANNOT_FETCH/400 923 GET http://www.fi/aa - NO_DIRECT_FAIL/www.fi -
        886750558.374 7756 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/aa - DEFAULT_PARENT/www-cache.eunet.fi text/html

duuni.net and www.netscape.com are correct, but now I get the ominous

        No peers to query and the host is beyond your firewall.

for www.fi, so I have come the full circle back to the original
question I posted. I *really* do not understand what is going on here.

(I'll try an alternative approach, which works ok, but I'd like to know
how to get this done just with squid itself.)

--
santtu@iki.fi                    I have become death, destroyer of the worlds.
Received on Fri Feb 06 1998 - 02:33:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST