Okay, some experimentations I made:
I added the following lines on ProxyB:
# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
never_direct allow fastsites
Changes on ProxyA:
# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
# also from Amos' tip
miss_access allow fastsites
miss_access deny siblings
miss_access allow all
# and this one from Amos' tip
always_direct allow fastsites
My browser can't access .need-fast-inet.com
I further changed the following lines to ProxyB:
# added "weight=2 allow-miss"
cache_peer ProxyA sibling 3128 4827 htcp weight=2 allow-miss
# added the following line
neighbor_type_domain ProxyA parent .need-fast-inet.com
.another-need-fast-inet.com
Now, I can access .need-fast-inet.com through ProxyB.
But, isn't that "allow-miss" dangerous?
Any comments?
Rgds.
[p]
Pandu E Poluan wrote:
> Hmmm... strange...
>
> Now, instead of accessing the site objectX, ProxyB and ProxyC users
> can't access the site at all...
>
> But no SQUID error page shows up... the browser simply times out...
> Accessing URLs other thatn objectX still works...
>
> objectX is accessible via ProxyA, though.
>
> The changes I made currently:
>
> On ProxyA:
>
> acl objectX dstdomain ...
> miss_access allow objectX
> always_direct allow objectX
>
> On ProxyB/C:
>
> acl objectX dstdomain ...
> never_direct allow objectX
>
> I'll experiment with the settings... maybe also "miss_access allow
> objectX" on ProxyB and ProxyC?
>
>
> Rgds.
>
>
>
> Pandu E Poluan wrote:
>> Aha! Thanks a lot, Amos :-)
>>
>> I have been suspicious all along that the solution uses miss_access
>> and never_direct ... but never saw an example anywhere.
>>
>> Again, much thanks!
>>
>> ** rushes to his proxies to configure them **
>>
>>
>> Rgds.
>>
>>
>> [p]
>>
>>
>> Amos Jeffries wrote:
>>> Pandu E Poluan wrote:
>>>> The URL is allowed to be accessed by everyone, ProxyA-users, and
>>>> ProxyB/C-users alike.
>>>>
>>>> I just want the URL to be retrieved by ProxyA, because accessing
>>>> that certain URL through ProxyB/C is too damn slow (pardon the
>>>> language).
>>>>
>>>>
>>>> Rgds.
>>>>
>>>
>>> Okay. Thought it might be something like that, just wanted to be
>>> sure before fuzzing the issue.
>>>
>>> You will need to create an ACL just for this URL (an others you want
>>> to do the same).
>>> acl objectX ...
>>>
>>>
>>> proxyA needs to allow peers past the miss_access block.
>>>
>>> proxyA:
>>> miss_access allow objectX
>>> miss_access deny siblings
>>> miss_access allow all
>>>
>>>
>>> siblings must never go direct to the object (always use their parent
>>> peer)
>>>
>>> proxyB/proxyC:
>>> never_direct allow objectX
>>>
>>> Amos
>>>
>>>>
>>>> Amos Jeffries wrote:
>>>>> Pandu E Poluan wrote:
>>>>>> Anyone care to comment on my email?
>>>>>>
>>>>>> And another question: Is it possible to use miss_access with a
>>>>>> dstdomain acl?
>>>>>>
>>>>>>
>>>>>> Rgds.
>>>>>>
>>>>>>
>>>>>> Pandu E Poluan wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I want to know is there a way to force a URL to be retrieved by
>>>>>>> only a certain proxy, while ensuring that meshing works.
>>>>>>>
>>>>>>> Here's the scenario:
>>>>>>>
>>>>>>> I have a ProxyA ==> connects to Internet via a fast connection
>>>>>>> "InetFast"
>>>>>>> This proxy is used by a group of users that really need fast
>>>>>>> connection.
>>>>>>>
>>>>>>> I have other proxies ProxyB & ProxyC ==> connects to Internet
>>>>>>> via a slower connection "InetSlow"
>>>>>>> These proxies are used by the rest of the staff.
>>>>>>>
>>>>>>> I configured them all as siblings, with miss_access blocking
>>>>>>> MISS requests between them, e.g.
>>>>>>>
>>>>>>> # Configuration snippet of ProxyA
>>>>>>> cache_peer <ProxyB> sibling 3128 4827 htcp
>>>>>>> cache_peer <ProxyC> sibling 3128 4827 htcp
>>>>>>> acl siblings src <ProxyB>
>>>>>>> acl siblings src <ProxyC>
>>>>>>> miss_access deny siblings
>>>>>>> miss_access allow all
>>>>>>>
>>>>>>> ProxyB & ProxyC both has similar config.
>>>>>>>
>>>>>>> ( The aim is to 'assist' other staffers using InetSlow so that
>>>>>>> whatever has been retrieved by the InetFast users will be made
>>>>>>> available to the rest of the staffs )
>>>>>>>
>>>>>>> Now, let's say there's this URL http://www.need-fast-inet.com/
>>>>>>> that I want to be retrieved exclusively by ProxyA.
>>>>>>>
>>>>>>> How would I configure the peering relationships?
>>>>>
>>>>> If you can state the problem and the desired setup clearly in
>>>>> single-sentence steps you have usually described the individual
>>>>> config settings needed.
>>>>>
>>>>> Is the URL allowed to be fetched by the slow users through proxyB
>>>>> into proxy A and then internet?
>>>>>
>>>
>>>
>>> Amos
>>
>
-- *Pandu E Poluan* *Panin Sekuritas* IT Manager / Operations & Audit Phone : +62-21-515-3055 ext 135 Fax : +62-21-515-3061 Mobile : +62-856-8400-426 e-mail : pandu_poluan_at_paninsekuritas.co.id <mailto:pandu_poluan_at_paninsekuritas.co.id> Y!M : hands0me_irc MSN : si-ganteng_at_live.com GTalk : pandu.cakep_at_gmail.comReceived on Wed Apr 08 2009 - 04:47:43 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 08 2009 - 12:00:02 MDT