Re: [squid-users] How not to cache local servers from Donovan Baarda on 2002-08-05 (squid-users)

From: Donovan Baarda <abo@dont-contact.us>
Date: Tue, 6 Aug 2002 13:43:21 +1000

On Mon, Aug 05, 2002 at 03:31:44PM +0200, Andreas Moroder wrote:
> Hello,
>
> we use squid with a cache peer. Now I wnat to configure it the way it does
> access directly all local servers.
>
> I tried this by adding the following lines to my squid.conf
>
> cache_peer_domain proxy.provinz.bz.it !se-nord.provinz.bz.it
>
> append_domain .se-nord.provinz.bz.it
>
> This way it should append the domain and then not use the cache_peer,
> but it does not work. I allways get a error messages from my cache peer, that
> servername.se-nord.provinz.bz.it in not reachable.
>
> What is wrong in my configuration ?
> Is there a way to solve this without recompilation ?

Looks like squid checks cache_peer_domain stuff before doing the
append_domain.

I'd suggest using cache_peer_access and/or always_direct instead;

acl localsites dstdomain localhost .se-nord.provinz.bz.it
no_cache deny localsites #prevents caching of localsites
always_direct allow localsites #goes direct for localsites
cache_peer_access <peername> deny localsites #avoids <peername> for localsites

You don't really need both cache_peer_access and always_direct, but I
present both here to show you your options. cache_peer_access is better if
you do have other peers that you do want to use for localsites.
always_direct is better if you never want to use any peers for localsites,
which is probably more common.

If you find that this still doesn't work, then squid must be doing the acl
checks before doing the append_domain. This would arguably be a bug in
squid, but this can still be worked around by adding all the unqualified
hostnames to the localsites acl;

acl localsites dstdomain localhost
acl localsites dstdomain .se-nord.provinz.bz.it
acl localsites dstdomain <firsthostname>
acl localsites dstdomain <secondhostname>
acl localsites dstdomain <otherhostname>

etc.

The other way to do this is use a "dst" acl to specify subnets for
localsites, but this will force DNS lookups for all requests, which is not
normaly required for requests that go through peers.

-- 
----------------------------------------------------------------------
ABO: finger abo@minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------

Received on Mon Aug 05 2002 - 21:43:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:31 MST