Re: Using two different Internet gateways and one squid cache

From: Stuart Henderson <sthen@dont-contact.us>
Date: Fri, 11 Feb 2000 15:12:27 +0000 (GMT)

On Fri, Feb 11, 2000 at 04:11:44PM +0300, Suresh.Khatry@unon.org wrote:
>
> Squid Proxy/cache-------> Internet to NY
>       |
>       |
>       |------LAN
>       |
>       |
> Apache Proxy------------> Internet to Geneva
>
> All port 80 access is directed to the Squid via a xxxx.pac
> JavaScript. I want the squid proxy/cache to be able to
> forward requests for certain web sites (like those in Europe
> e.g. xxx.ch, xxx.fr, xxxx.uk, etc) to the apache proxy server
> and still cache the results. All other accesses should go via
> NY.

Here is something to get you started:

# Parent caches
cache_peer apache.proxy parent 8080 7 no-query default no-digest
cache_peer squid.proxy parent 3128 3130 default

# Destination host name patterns, one regex per line in each file
acl europe dstdom_regex -i "/squid/etc/europe_dstdom_regex"
acl noteurope dstdom_regex -i "/squid/etc/noteurope_dstdom_regex"

# Syntax: cache_peer_access <peer> allow|deny <acl> (peer name comes first)
cache_peer_access squid.proxy allow noteurope
cache_peer_access squid.proxy deny europe
cache_peer_access squid.proxy allow all

cache_peer_access apache.proxy deny noteurope
cache_peer_access apache.proxy allow europe
cache_peer_access apache.proxy deny all

Then, create a file /squid/etc/europe_dstdom_regex like this (this
is not a complete list, I apologise to the residents of other countries
whom I have missed out). You can, of course, add .com .net .org and
other addresses which you know to be hosted in Europe to this file:

\.uk$
\.se$
\.fi$
\.fr$
\.ch$
\.de$
\.it$
\.cz$
\.es$
\.nl$
\.ro$
\.sk$
uk\.yahoo\.com$

It's difficult to determine which sites are in Europe and which are
in US by domain name alone, since many sites with European domain names
are actually hosted in the States :-( If you find a site which has
a European domain name but is actually hosted in the US, you can add
the domain name to /squid/etc/noteurope_dstdom_regex, for example:

auroraweb\.co\.uk$

(I'm sorry, I don't have many examples of this type of domain, but
I think there are many)

You should also be sure that locally-hosted sites are not routed
via the international links. You can either do this using cache_peer_access
as demonstrated above, or by using an option such as hierarchy_stoplist.

This is not the only way to achieve what you want; however, it has
been working without trouble for me here (and provides some flexibility
that cache_peer_domain does not allow).

You might have better success using the IP address, although that
will necessitate a local DNS lookup (which would normally be carried
out by the parent proxy). The following addresses are all used by
networks in Europe; there are probably some more which are also
common. Perhaps the operators of your European cache could assist.

  193.0.0.0/8
  194.0.0.0/8
  195.0.0.0/8
  212.0.0.0/8
  213.0.0.0/8

These are all shown in "whois -h whois.arin.net 193.0.0.0" as
belonging to RIPE. Similarly, there are assigned netblocks for
Asia/Pacific, US military, etc.

I think that possibly it will be better to simply find common
sites and add them to the text files. The additional DNS delay
over the vsat link will probably be noticeable.

If you need to conserve bandwidth usage, you might want to try
experimenting with the options "refresh_pattern" and "offline_mode"
in squid.conf (particularly the refresh_pattern options such as
override-lastmod, override-expire, reload-into-ims). Normally it
is bad to use these options since they can force your Squid cache
to sometimes return "stale" (out-of-date) content. When you pay
a lot of money for your international bandwidth (which I suspect
you might do as you are connected by vsat), it might be worth
the inconvenience of sometimes having to "refresh" the page if
it saves money.

Many sites force their pages to be "uncacheable" so that the
owners can have more accurate statistics. This is not always so
good for international users, and careful use of the options
I have mentioned could be very helpful. If you will use them,
you should experiment with the different settings until you
have seen how they work.

--stu
Received on Fri Feb 11 2000 - 08:24:14 MST
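
Added example, not part of the original message: a small Python model of the cache_peer_access rules in the message (the first matching rule per peer decides), used to audit a dstdom_regex pattern file. It assumes Python's re module behaves like Squid's case-insensitive, unanchored match for these simple patterns; the host names and the loose/strict pattern lists are constructed. It shows how an unescaped dot, as in .de$, routes unrelated hosts to the European parent.

```python
import re

# cache_peer_access rules from the message, per peer, in config order.
RULES = {
    "squid.proxy":  [("allow", "noteurope"), ("deny", "europe"), ("allow", "all")],
    "apache.proxy": [("deny", "noteurope"), ("allow", "europe"), ("deny", "all")],
}

# Constructed pattern files: the same entries without and with escaped dots.
EUROPE_LOOSE = [".uk$", ".de$", ".ch$", "uk.yahoo.com$"]
EUROPE_STRICT = [r"\.uk$", r"\.de$", r"\.ch$", r"uk\.yahoo\.com$"]
NOTEUROPE_LOOSE = ["auroraweb.co.uk$"]
NOTEUROPE_STRICT = [r"auroraweb\.co\.uk$"]

def compile_acl(patterns):
    """Model of dstdom_regex -i: case-insensitive, unanchored search."""
    return [re.compile(p, re.IGNORECASE) for p in patterns]

def peers_for(host, europe, noteurope):
    """Return the peers whose first matching rule for this host is 'allow'."""
    acls = {"europe": compile_acl(europe), "noteurope": compile_acl(noteurope)}
    def matches(name):
        return name == "all" or any(rx.search(host) for rx in acls[name])

    allowed = []
    for peer, rules in RULES.items():
        for action, acl in rules:
            if matches(acl):          # first matching rule decides
                if action == "allow":
                    allowed.append(peer)
                break
    return allowed

def audit(hosts):
    """List hosts that the loose and strict pattern files route differently."""
    diffs = []
    for h in hosts:
        loose = peers_for(h, EUROPE_LOOSE, NOTEUROPE_LOOSE)
        strict = peers_for(h, EUROPE_STRICT, NOTEUROPE_STRICT)
        if loose != strict:
            diffs.append((h, loose, strict))
    return diffs

# Constructed host names, not taken from the message.
SAMPLE = ["www.example.co.uk", "www.auroraweb.co.uk", "uk.yahoo.com",
          "shop.example.trade", "blog.example.tech", "www.example.com"]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Running the same audit over host names pulled from access.log before and after editing a pattern file shows which destinations would change gateway.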
