RE: [squid-users] How to deny unmatched/unspecified domains insquid 2.6 under reverse proxy mode? from Nguyen, Khanh, INFOT on 2006-10-17 (squid-users)

From: Nguyen, Khanh, INFOT <nguyenkt@dont-contact.us>
Date: Tue, 17 Oct 2006 23:18:50 -0400

Henrik,

Few lines in my squid.conf in relation to the reverse proxy mode:

Http_port 80 vhost

Cache_peer 192.168.2.6 parent 8000 0 no-query originserver
Cache_peer 192.168.2.4 parent 8000 0 no-query originserver
Cache_peer 192.168.2.2 parent 8000 0 no-query originserver

Cache_peer_domain 192.168.2.6 www1.mycompany.com
Cache_peer_domain 192.168.2.4 www2.mycompany.com

I took a trace into the code to see why I did not get an error page, the problem appears to be the leftover parent that does not have domain association, 192.168.2.2. The logic in the code returns a match for peer that does not have domain association (in peerAllowedToUse function of neighbors.c) And that is how the parent selection results a match.

I could enforce the squid.conf to remove parents that are not in-use, or change the logic of peer selection to always return no match for domain that does not parent (initilizing the do_ping to zero instead of zero) Perhaps there is a reason for the current logic or it is simply an undesired side-effect of something else?

Interesting that you mention cache_peer_access. I have not thought about using it. It could be handy for some custom configurations.

Thanks,
Khanh

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Tuesday, October 17, 2006 5:28 PM
To: Nguyen, Khanh, INFOT
Cc: Squid List
Subject: Re: [squid-users] How to deny unmatched/unspecified domains insquid 2.6 under reverse proxy mode?

mån 2006-10-16 klockan 10:14 -0400 skrev Nguyen, Khanh, INFOT:

> I have squid 2.6 on Linux OS. The squid cache is configured in reverse
> proxy mode, means each domain has a mapping web server for objects
> retrieval. For example: objects of www1.mycompany.com will be fetched
> from websever1.mycompany.com, objects of www2.mycompany.com will be
> fetched from webserver2.mycompany.com ...

Ok.

> For domains that are NOT configured in the cache server, the squid
> cache uses first_up_parent, sometime webserver1.mycompany.com, other
> time webserver2.mycompany.com.

Not in the setups I have done. I end up in "cannot forward request".

How have you configured the mapping above? The 2.6 supposed way is to
use cache_peer + cache_peer_access (or cache_peer_domain).

Regards
Henrik
Received on Tue Oct 17 2006 - 21:19:02 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST