Re: [squid-users] Forwarding problems

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 20 Apr 2009 19:01:15 +1200

Pandu E Poluan wrote:
> Hi all!
>
> I've configured my proxies correctly, and now they work as expected.
>
> * Requests to fast sites get forwarded to ProxyA, which uses FastInet
> * Other requests get handled directly by ProxyB and ProxyC, which use
> SlowInet
>
> There's a problem, however, that recently cropped up.
>
> I've added ".google.com" and "mail.yahoo.com" as fast sites.
> Accesses to Google and Yahoo Mail (mail.yahoo.com) get accelerated, as
> expected.
>
> However, when trying to access the Google cache, apparently the URL uses
> an IP address instead of a domain name, e.g. "72.14.192.66"
> Same situation happened when accessing an attachment in Yahoo Mail, it
> uses an IP address instead of domain name, e.g. "206.190.39.216"
>
> I keep getting errors:
>
> ===== Error message snip =====
>
> The following error was encountered:
>
> * * Unable to forward this request at this time. *
>
> This request could not be forwarded to the origin server or to any
> parent caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> ===== Error message snip =====
>
> I think ProxyB and ProxyC somehow performed a reverse DNS, and forwards
> the IP-address-based requests to ProxyA, while ProxyA only allows
> explicit URLs in its miss_access directive.
>
> I've tried editing ProxyA's squid.conf as follows:
>
> #snippet of ProxyA squid.conf
> acl fastsites dstdomain .yahoo.com
> acl fastsites dstdomain .yimg.com
> acl fastsites dstdomain .yahooapis.com
> acl fastsites dstdomain .google.com
> acl fastsites dstdomain .gmail.com
> acl fastsites dstdomain 206.190.39.216
> #
> acl fastsites_ip dst 72.14.192.0/18
> acl fastsites_ip dst 206.190.39.216
> #
> miss_access allow fastsites
> miss_access allow fastsites_ip
> miss_access deny siblings
>
>
> But to no avail.
>
> Any suggestions?
>

Does adding the IP-text "206.190.39.216" to the dstdomain ACL work?
Squid should try an exact text match before doing rDNS.
Otherwise you may be stuck with an url_regex pattern for those.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Mon Apr 20 2009 - 07:01:26 MDT
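
The url_regex fallback mentioned in the reply, sketched for ProxyA's miss_access rules; this is an added example, not configuration from either poster. The ACL names fastsites_ip_url and fastsites_net_url are hypothetical, the addresses are the ones quoted in the thread, and the siblings ACL is assumed to be defined elsewhere in ProxyA's squid.conf as in the original snippet.

```conf
# Added example for ProxyA's squid.conf (ACL names below are hypothetical).
#
# Weak form, shown for contrast: unanchored, dots unescaped. It matches any URL
# that merely contains this text, e.g. in the query string of an unrelated
# site, so it would open miss_access wider than intended.
# acl fastsites_ip_url url_regex 206.190.39.216

# Anchored form: the IP literal must be the host part of the URL.
acl fastsites_ip_url url_regex ^http://206\.190\.39\.216(:[0-9]+)?/

# 72.14.192.0/18 as text: third octet 192-255, any fourth octet.
acl fastsites_net_url url_regex ^http://72\.14\.(19[2-9]|2[0-4][0-9]|25[0-5])\.[0-9]+(:[0-9]+)?/

# Allow rules must come before the deny for siblings; first match wins.
miss_access allow fastsites
miss_access allow fastsites_ip
miss_access allow fastsites_ip_url
miss_access allow fastsites_net_url
miss_access deny siblings
```

After editing, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` reloads it.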
