The logics is inverse. You need to deny the domain from using the other
parents.
cache_peer_access (and cache_peer_domain) controls what MAY be sent to the
peer. Only what is allowed will ever be sent there. The default if is that
all requests is allowed to use that peer.
Regards
Henrik
Daniel Lim wrote:
> Hello there,
> I am having problem in squid to force a website/domain requested by our
> users to go through only one firewall rather than multiple. I used both
> cache_peer and cache_peer_domain on the squid server but the
> transactions for that website still go through all 3 firewalls.
>
> We have 3 firewalls for redundancy and load-sharing, due to strict
> security requirements of this particular website www.xxx.com.au, all
> accesses must come from one of the firewalls only i.e. one IP, or else
> users will be disconnected when the website sees different IP sources.
>
> In squid.conf I have these:
>
> cache_peer 192.168.127.50 parent 80 7 no-query round-robin
> cache_peer 192.168.127.100 parent 80 7 no-query round-robin
> cache_peer 192.168.127.150 parent 80 7 no-query round-robin
>
>
> cache_peer_domain 192.168.127.100 .xxx.com.au # I chose
> to go through the 2nd firewall
>
> Can anyone please shed light on where have I gone wrong?
>
> Much thanks in advance.
-- Basic free Squid support provided thanks to MARA Systems AB Your source of advanced reverse proxy solutions or customized Squid solutions. http://www.marasystems.com/products/Received on Tue Jun 04 2002 - 02:50:13 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:25 MST