On Mon, 29 Mar 2004, Henrik Nordstrom wrote:
> On Mon, 29 Mar 2004, Emilio Casbas wrote:
>
> > Is there more people experimenting troubles with ssl connections in an
> > environment with proxis hierarchi and load balancing?.
>
> Almost all problems I have heard of comes from the user not always coming
> from the same source IP address when going via a mesh of proxies. Most I
> have heard of solves this by setting up a dedicated/deterministic
> forwarding path for CONNECT requests. These can not be cached so it is not
> much value in having all the dynamic properties of a cache mesh to
> increase hit ratio..
When using Squid in a load balancing configuration, you will have problems
with some web sites. The problem will be more prevalent when HTTP/SSL is
used but will also occur when HTTP is used. The primary problem is the
method used to establish and track sessions. These sites tend to use the
IP address in the IP packet header.
The solution is to (1) add a rule to your proxy.pac file that defines a
specific proxy to use for the web site and (2) define a parent proxy in
Squid that will handle all requests for content from the web site.
Merton Campbell Crockett
-- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence and Exploitation Systems N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@CATO.GD-AIS.COM TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=work,fax: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcardReceived on Mon Mar 29 2004 - 07:44:21 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:03 MST