when 'cache_peer_access <cache> deny all_dst' is not enough

From: <dean.scothern@dont-contact.us>
Date: Thu, 11 Nov 1999 08:50:16 +0000

Hello,

I've been having problems with a squid configuration working between 4 sites
over a wan. Response has been slow and the wan congested. I've been using
cache_peer_access to specify parents for some domains and a deny to prevent
looping so:

using squid 2.2STABLE4

hopefully relevant bit:

acl all-dst dst 0.0.0.0/0.0.0.0
cache_peer_access cache1 allow domain1
cache_peer_access cache1 deny all-dst

Well this sort of worked but I was getting a forwarding loop reported about
every half hour. I didn't think this
was a problem as web access worked, just that the performance wasn't as good as
hoped. Yesterday I
 tried to remove the loop as it was bugging me. I changed the above to:

acl all-dst dst 0.0.0.0/0.0.0.0
acl everything urlpath_regex .*
cache_peer_access cache1 allow domain1
cache_peer_access cache1 deny all-dst
cache_peer_access cache1 deny everything

And lo and behold the loop disapeared, and wroom.... performance is much better!
It looked like deny all-dst was not enough.

So my question is: why?

Am I being stupid (probably)

Regards

Dino
Received on Thu Nov 11 1999 - 02:01:42 MST

This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT