Re: [squid-users] Forwarding loops... from Henrik Nordstrom on 2008-07-11 (squid-users)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Fri, 11 Jul 2008 18:53:52 +0200

On fre, 2008-07-11 at 07:49 -0700, John Doe wrote:

> I don't have use allow-miss.
> But I do have:
> header_access Cache-Control deny all
> header_replace Cache-Control max-age=864000
> I will try without it...

That explains the loops in sibling setup.

But it does not explain why your cache_peer_access rules wasn't
effective. Thise should have worked...

> > > To solve this, I tried to prevent a squid from querying a sibling on behalf of
> > another sibling:
> > >
> > > example of squid1.conf:
> > > cache_peer 192.168.17.12 sibling 8000 3130 proxy-only name=squid2
> > > cache_peer 192.168.17.13 sibling 8000 3130 proxy-only name=squid3
> > > cache_peer 192.168.17.14 sibling 8000 3130 proxy-only name=squid4
> > >
> > > acl from_squids src 192.168.17.12
> > > acl from_squids src 192.168.17.13
> > > acl from_squids src 192.168.17.14
> > >
> > > cache_peer_access squid2 deny from_squids
> > > cache_peer_access squid3 deny from_squids
> > > cache_peer_access squid4 deny from_squids
> > >
> > > But it is not helping...
> >
> > That should defenitely help.
> >
> > What is said in access.log?
>
> If I ask squid2 for a looping object:
>
> squid2 access.log:
> 1215783827.918 1 192.168.17.12 TCP_MISS/200 7188 GET http://192.168.16.23/img/spain.gif - FIRST_UP_PARENT/apache image/gif
> 1215783827.919 2 192.168.17.12 TCP_MISS/200 7233 GET http://192.168.16.23/img/spain.gif - CD_SIBLING_HIT/squid3 image/gif

Why is there two requests from 17.12?

Are you still not using tcp_outgoing_address? Please add appropriate
tcp_outgoing_address directives.

Assuming the squid2 config looks the same as the squid1 save for the
rotation of the servers to squid1,3,4 your cache_peer_access rule won't
match here as the request is coming from 17.12 which is the squid2
address..

To answer your other question about Apache, there is no big problem with
having the setup as you do with a set of apaches on different ports, but
you may need to tweak the Apache config a little to make Apache assume
port 80 in references to itself, used. when sending a browser redirect
etc such as seen when requesting http://server/directory without
trailing /

Additionally you probably only need one instance of Apache..

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Fri Jul 11 2008 - 16:53:58 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 11 2008 - 12:00:03 MDT