AW: [squid-users] problems upgrading from squid 2.4stable6 to 2.5stabel2

> Von: Henrik Nordstrom [mailto:hno@squid-cache.org]
>
> On Thursday 22 May 2003 18.58, markus.rietzler@rzf.fin-nrw.de wrote:
>
> > so this looks like our acls were the "killer". but the question is
> > what causes squid to hang so badly. squid.conf for 2.4 and 2.5 are
> > the same (ok, apart from the minor changes for the version, but
> > acls are the same). so squid2.5 only performs the same as the old
> > version when we drop all our acls...
>
> What kinds of ACLs are you using?
>

as i said, strange thing is that these acls work with 2.4 but not with
2.5...

it's kind of complicated ;-)

there are 3 parent proxies via cache_peer defined.

proxy-intra (intranet), proxy-lvn (another "intranet") and proxy-inter
(internet)

then we have 3 user-level: a) access to both intranets, but no
internet-access except some sites we have defined to be "open"
b) surfer - access to both intranets and internet but without download
rights.
c) downloader - access to both intranets, internet and downloads from
internet.

access to our proxy is only allowed to clients from local-net
(123.45.xxx.xxx), and one central proxy (proxy-intra). there are local
servers, which can be accessed direct, all other systems must use one of
the parents. but only local clients are allowed to access servers that
are "internal" (intern).

via acl-rules the proxies decides which parent to ask.

in our acls "ausn" stands for "exceptions", "tunnel" are the open
servers in the web, that can be accessed from all clients.

acl dstregex_local dstdom_regex -i ^[acdiklvz]$FANR[0-9-][0-9][0-9]
acl dstregex_intra dstdom_regex -i
^[acdiklvz][0-9][0-9][0-9][0-9-][0-9][0-9]
acl urlpath_download urlpath_regex -i
"$SQUID_FILES/etc/urlpath_download"
acl dstdomain_downloadausn dstdomain
"$SQUID_FILES/etc/dstdomain_downloadausn"
acl urlpath_downloadausn urlpath_regex -i
"$SQUID_FILES/etc/urlpath_downloadausn
"
acl dstdomain_intern dstdomain "$SQUID_FILES/etc/dstdomain_intern"
acl url_intern url_regex -i "$SQUID_FILES/etc/url_intern"
acl urlpath_intern urlpath_regex -i "$SQUID_FILES/etc/urlpath_intern"
acl dstdomain_intramisc dstdomain "$SQUID_FILES/etc/dstdomain_intramisc"
acl url_intramisc url_regex -i "$SQUID_FILES/etc/url_intramisc"
acl dstdomain_local dstdomain "$SQUID_FILES/etc/dstdomain_local"
acl dstdomain_lvn dstdomain "$SQUID_FILES/etc/dstdomain_lvn"
acl dstregex_lvn dstdom_regex -i "$SQUID_FILES/etc/dstregex_lvn"
acl url_lvn url_regex -i "$SQUID_FILES/etc/url_lvn"
acl dstdomain_lvnausn dstdomain "$SQUID_FILES/etc/dstdomain_lvnausn"
£ acl url_extra dstdomain "$SQUID_FILES/etc/url_extra"
acl urlpath_nocache urlpath_regex -i "$SQUID_FILES/etc/urlpath_nocache"
£ acl dstdomain_power dstdomain "$SQUID_FILES/etc/dstdomain_power"
£ acl dstdomain_powerausn dstdomain
"$SQUID_FILES/etc/dstdomain_powerausn"
acl dstdomain_tunnel dstdomain "$SQUID_FILES/etc/dstdomain_tunnel"
acl url_tunnel url_regex -i "$SQUID_FILES/etc/url_tunnel"
acl url_tunnelausn url_regex -i "$SQUID_FILES/etc/url_tunnelausn"
acl www url_regex .*
acl manager proto cache_object
acl purge method purge
acl all src 0.0.0.0/0.0.0.0

just to give a "number" of the size of our acl-files:

17 url_intern
22 url_intramisc
2 url_local
17 url_lvn
57 url_tunnel
15 url_tunnelausn
36 urlpath_download
4 urlpath_downloadausn
3 urlpath_intern
3 urlpath_nocache
1 dstdomain_auth
1 dstdomain_authausn
1 dstdomain_dmz
2 dstdomain_downloadausn
6 dstdomain_intern
188 dstdomain_intramisc
63 dstdomain_local
24 dstdomain_lvn
2 dstdomain_lvnausn
1 dstdomain_power
1 dstdomain_powerausn
511 dstdomain_tunnel
2 dstregex_lvn
Received on Fri May 23 2003 - 06:00:09 MDT