Re: Questionnaire 'bout cache_peer_access

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 17 Nov 1999 09:05:27 +0100

Masataka_Tanaka wrote:

> 1. When I refer the URL contained within .dom1.tanaka.co.jp
> via proxyB instead of proxyA, it works well.
> (FIRST_UP PARENT is proxyB in access.log)
>
> cache_peer_domain proxyA.tanaka.co.jp !.dom1.tanaka.co.jp
> cache_peer_domain proxyB.tanaka.co.jp .dom1.tanaka.co.jp

Note that the above statement also denies proxyB to be used for any
requests except .dom1.tanaka.co.jp.

>
> 2. In the analogy of above case, when I set up IPaddress
> instead of domainname, it doesn't work well.
>
> cache_peer_domain proxyA.tanaka.co.jp !192.138.22.0/25
> cache_peer_domain proxyB.tanaka.co.jp 192.138.22.0/25

cache_peer_domain only handles domain names (isn't that obvious from the
name and description?)

> 3. Even in the case of combining acl configuration and
> cache_peer_access instead, it resulted in failure.
> (At least it looks not well)
>
> acl net5 dst 192.138.22.0/25
> cache_peer_access proxyA.tanaka.co.jp deny net5
> cache_peer_access proxyB.tanaka.co.jp allow net5

You have to be patient when using this. It only works for IP addresses
already in Squid's internal DNS cache. The effect is that it most likely
won't work for the first request, but it will start to work after a
short while (and then sporadically stop working for some requests when
the internal DNS entry expires). As a workaround you can use http_access
to initiate the DNS lookup.

http_access deny net5 !all

The above statement is always false, but triggers a DNS lookup for net5
which will be cached and available in later cache_peer_access
processing.

Also, the same question raised above applies to the proxyB settings.

> where http_access allow, icp_access allow, and
> miss_access allow is set to net5
>
> Confirming access.log, although it shows
> FIRST_UP PARENT is proxyB for 192.138.22.0/25 access,
> but access.log contains hostname&domainname for that IP.
> It looks result of success (i.e. reference for 192.138.22.0/25 via proxyB)
> comes not due to squid.conf setup but via DNS solution
> or the like.

???

If you use destination IP based rules then DNS resolution is required to
evaluate the rules.

Only http_access waits for DNS lookups to complete, the other *_access
directives simply ignore lines requiring DNS lookups not in the
internal cache, and queues a DNS lookup for future reference.

--
Henrik Nordstrom
Squid hacker
Received on Wed Nov 17 1999 - 01:23:06 MST
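
An added sketch, not part of the message above and not Squid code: a toy model of why a dst ACL in cache_peer_access misses until the address is in the internal DNS cache, and how the http_access line primes it. The host name, address, class and method names are constructed; it assumes Squid's documented rule that an access list with no matching line defaults to the opposite of its last line.

```python
import ipaddress

NET5 = ipaddress.ip_network("192.138.22.0/25")  # "acl net5 dst" from the thread
# Constructed sample data: hypothetical host name and address inside net5.
AUTHORITATIVE = {"host.example": "192.138.22.10"}


class ProxyModel:
    """Toy model of the behaviour described in the message, not Squid's code."""

    def __init__(self, prime_with_http_access):
        self.prime = prime_with_http_access
        self.dns_cache = {}   # stands in for Squid's internal DNS cache
        self.pending = set()  # lookups queued for future reference

    def _dst_in_net5(self, host, blocking):
        """Evaluate 'dst net5'; None means the ACL line had to be ignored."""
        if host not in self.dns_cache:
            if not blocking:
                self.pending.add(host)  # queue the lookup, skip the line
                return None
            self.dns_cache[host] = AUTHORITATIVE[host]  # http_access waits
        return ipaddress.ip_address(self.dns_cache[host]) in NET5

    def finish_pending_lookups(self):
        for host in self.pending:
            self.dns_cache[host] = AUTHORITATIVE[host]
        self.pending.clear()

    def expire(self, host):
        self.dns_cache.pop(host, None)

    def allowed_peers(self, host):
        if self.prime:
            # "http_access deny net5 !all": never matches, but resolves host.
            self._dst_in_net5(host, blocking=True)
        match = self._dst_in_net5(host, blocking=False)
        peers = []
        # cache_peer_access proxyA deny net5 -> no match defaults to allow
        if match is not True:
            peers.append("proxyA")
        # cache_peer_access proxyB allow net5 -> no match defaults to deny
        if match is True:
            peers.append("proxyB")
        return peers
```
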
