Nope.
acl fastsites dstdomain 206.190.39.216
Still result in the "Unable to forward this request" error.
I'm a bit stumped here... how to prevent ProxyB and ProxyC from
forwarding that IP address?
Just FYI, here's a snippet of ProxyB's squid.conf:
# snippet of ProxyB squid.conf
#
# This is ProxyC
cache_peer 172.31.160.99 sibling 3128 4827 htcp
# And this is ProxyA
cache_peer 172.31.2.103 sibling 3128 4827 htcp weight=2 allow-miss
#
# ProxyA selectively becomes parent for these domains
neighbor_type_domain 172.31.2.103 parent .yahoo.com .yimg.com .yahooapis.com
neighbor_type_domain 172.31.2.103 parent .google.com .google.co.id
.gmail.com
#
acl fastsites dstdomain .yahoo.com
acl fastsites dstdomain .yimg.com
acl fastsites dstdomain .yahooapis.com
acl fastsites dstdomain .google.com
acl fastsites dstdomain .gmail.com
#
never_direct allow fastsites
As you can see, I don't specify 206.190.39.216 in never_direct or
neighbor_type_domain, but ProxyB still forwards requests to
206.190.39.216 toward ProxyA.
I'm not sure I want to put those addresses in always_direct ... beats
the purpose of Squid mesh (between ProxyB and ProxyC), IMO. But for the
life of me, I still can't figure out how to make ProxyA receive those
forwards.
Rgds.
[p]
Amos Jeffries wrote:
> Pandu E Poluan wrote:
>> Hi all!
>>
>> I've configured my proxies correctly, and now they work as expected.
>>
>> * Requests to fast sites get forwarded to ProxyA, which uses FastInet
>> * Other requests gets handled directly by ProxyB and ProxyC, which
>> uses SlowInet
>>
>> There's a problem, however, that recently cropped up.
>>
>> I've added ".google.com" and "mail.yahoo.com" as a fast sites.
>> Accesses to Google and Yahoo Mail (mail.yahoo.com) gets accelerated,
>> as expected.
>>
>> However, when trying to access the Google cache, apparently the URL
>> uses an IP address instead of a domain name, e.g. "72.14.192.66"
>> Same situation happened when accessing an attachment in Yahoo Mail,
>> it uses an IP address instead of domain name, e.g. "206.190.39.216"
>>
>> I keep getting errors:
>>
>> ===== Error message snip =====
>>
>> The following error was encountered:
>>
>> * * Unable to forward this request at this time. *
>>
>> This request could not be forwarded to the origin server or to any
>> parent caches. The most likely cause for this error is that:
>>
>> * The cache administrator does not allow this cache to make direct
>> connections to origin servers, and
>> * All configured parent caches are currently unreachable.
>>
>> ===== Error message snip =====
>>
>> I think ProxyB and ProxyC somehow performed a reverse DNS, and
>> forwards the IP-address-based requests to ProxyA, while ProxyA only
>> allows explicit URLs in its miss_access directive.
>>
>> I've tried editing the ProxyA's squid.conf like follows:
>>
>> #snippet of ProxyA squid.conf
>> acl fastsites dstdomain .yahoo.com
>> acl fastsites dstdomain .yimg.com
>> acl fastsites dstdomain .yahooapis.com
>> acl fastsites dstdomain .google.com
>> acl fastsites dstdomain .gmail.com
>> acl fastsites dstdomain 206.190.39.216
>> #
>> acl fastsites_ip dst 72.14.192.0/18
>> acl fastsites_ip dst 206.190.39.216
>> #
>> miss_access allow fastsites
>> miss_access allow fastsites_ip
>> miss_access deny siblings
>>
>>
>> But to no avail.
>>
>> Any suggestions?
>>
>
> Does adding the IP-text "206.190.39.216" to the dstdomain ACL work?
> Squid should try an exact text match before doing rDNS.
> Otherwise you may be stuck with an url_regex pattern for those.
>
> Amos
-- *Pandu E Poluan* *Panin Sekuritas* IT Manager / Operations & Audit Phone : +62-21-515-3055 ext 135 Fax : +62-21-515-3061 Mobile : +62-856-8400-426 e-mail : pandu_poluan_at_paninsekuritas.co.id <mailto:pandu_poluan_at_paninsekuritas.co.id> Y!M : hands0me_irc MSN : si-ganteng_at_live.com GTalk : pandu.cakep_at_gmail.comReceived on Mon Apr 20 2009 - 07:27:39 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 20 2009 - 12:00:02 MDT