Re: [squid-users] Routing requests issues in hierarchy setup

ons 2008-12-03 klockan 20:09 -0200 skrev Lucas Brasilino:

> I'm getting puzzled with routing requests with Squid 2.7STABLE5 and how
> 'always_direct' and 'never_direct' works.

always_direct allow means that this Squid MUST NOT use any cache_peer
while forwarding the request, instead it must go to the requested
server.

never_direct allow (unless always_direct allow is also in effect) means
the opposite. That this Squid MUST use a cache_peer while forwarding the
request and MUST NOT go directly to the requested server itself.

> Basically I'd
> like to route a requests with a specific extension to another squid
> instance,

including requests to your domain, or only outside requests?

I guess this was answered by your config example.. requests for
foo.bar.com with specific extensions.

> requests to my domain to go directly and outside
> requests go through my parent proxys.

> acl bar dstdomain .bar.com
> acl foo dstdomain foo.bar.com
> acl caching_tier2 url_regex -i (\.css|\.jar|\.png|\.gif|\.jpg|\.js)$

> cache_peer_access tier2 allow caching_tier2 foo
> cache_peer_access tier2 deny all

> always_direct allow !caching_tier2 bar
> never_direct allow all

Here is a slight mismatch. To tier2 you send only

   caching_tier2 in foo.bar.com

but you allow the following going direct

   !caching_tier2 in .bar.com

This means that

   caching_tier2 in .bar.com except for foo.bar.com

will go to the parent proxies as it's not allowed to go direct, not
allowed to go via tier2 and not excluded from going via the parents.

Additionally

> cache_peer_access proxy1 deny caching_tier2 foo

says that any requests in bar except for foo or where always_direct is
in effect may be sent via the parents, which further adds to the
confusion..

> Since 'allow' match of 'always_direct' goes directs, any request to
> domain 'bar.com' which doesn't matches
> 'caching_tier2' ACL should go direct. But what is happening is:
>
> request to http://foo.bar.com/something.jpg => routed to tier2 => OK
> request to http://other.bar.com/<anything> => routed to parents => NOT OK!
> request to http://outside.world.com/<anything> => routed to parents => OK!
>
> So...Where am I messing things up ?? :-)

Probably you want

cache_peer_access tier2 allow caching_tier2 foo
never_direct allow caching_tier2 foo

cache_peer_access proxy[1234] allow !bar
[repeat per proxy1234]
never_direct allow !bar

which says that

caching_tier2 in foo.bar.com must go via tier2 (excluded from
proxy[1234] as foo is also in bar)

anything except .bar.com must be sent to the parents.

.bar.com except caching_tier2 goes direct as they are excluded from both
tier2 and the parents.

Regards
Henrik
Received on Sun Dec 07 2008 - 10:36:31 MST