Re: [squid-users] New Squid3 Stable 13 Setup from Amos Jeffries on 2009-05-20 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 20 May 2009 18:51:52 +1200

bharathvn wrote:
> Hi Amos,
>
> I see TCP_MISS errors on parent Server's access log
>
> TCP_MISS/200 23162 GET
> http://www.monitor.com/Portals/0/MonitorContent/images/globalOffices_0.jpg -
> DIRECT/12.151.151.79 image/jpeg

Parent proxy has a good connection thats working then.

>
> on Sibling server
>
> i see both TCP_MISS/200 & 503 errors

Log for these?

Amos

>
> Amos Jeffries-2 wrote:
>>> Thanks Amos
>>>
>>> its working now, but i see a small issue when i do query on search engine
>>> like google
>>>
>>> i can directly hit on any site but when i do search i get
>>>
>>> The system returned: (111) Connection refused
>>>
>>> The remote host or network may be down. Please try the request again.
>>>
>> Any other info? is it actually gong direct? what does log say? etc. etc
>>
>> Amos
>>
>>> Thanks
>>>
>>> Amos Jeffries-2 wrote:
>>>>> Hi Amos,
>>>>>
>>>>> Thanks for responding to my message.
>>>>>
>>>>> i am trying to achieve as mentioned below
>>>>>
>>>>> Site A has proxy as Proxy 2 and another proxy is located in different
>>>>> country Site B through tunnel as Proxy1
>>>>>
>>>>> Site A has local internet when fails need all web request to be
>>>>> forwarded
>>>>> to
>>>>> proxy 1 through proxy 2 Ie with out changing client proxy address.
>>>>>
>>>>> similar setup was running for 1 month, some how messed up had to
>>>>> reconfigure
>>>>> from scratch.
>>>>>
>>>> Ah, okay this is what you want for the peering then:
>>>>
>>>> Proxy2:
>>>> prefer_direct on
>>>> cache_peer Proxy1 parent 8080 3130
>>>> ...
>>>>
>>>> Proxy1:
>>>> <only an ACL permitting Proxy2 to make requests as a client>
>>>>
>>>>
>>>> Note the absence of 'default originserver' on proxy2 and any mention of
>>>> peering on proxy1.
>>>>
>>>> If you have any problems with that it will be caused by other configure
>>>> options I've overlooked.
>>>>
>>>> Amos
>>>>
>>>>> bharathvn wrote:
>>>>>> Hi,
>>>>>>
>>>>>> i am trying to setup proxy server as show below
>>>>>>
>>>>>> Client ==>Sibling ==> Parent==> Internet
>>>>>>
>>>>>> i got error when we browse any site from parent server as mentioned
>>>>>> below
>>>>>>
>>>>>> The following error was encountered while trying to retrieve the URL:
>>>>>> /
>>>>>>
>>>>>> Invalid URL
>>>>>>
>>>>>> Some aspect of the requested URL is incorrect.
>>>>>>
>>>>>> Some possible problems are:
>>>>>>
>>>>>> Missing or incorrect access protocol (should be http:// or similar)
>>>>>>
>>>>>> Missing hostname
>>>>>>
>>>>>> Illegal double-escape in the URL-Path
>>>>>>
>>>>>> Illegal character in hostname; underscores are not allowed.
>>>>>>
>>>>>> Your cache administrator is root.
>>>>>>
>>>>>> --------------------------------------------------------------------------------
>>>>>>
>>>>>> Generated Sun, 17 May 2009 18:13:40 GMT by proxy1 (squid/3.0.STABLE13)
>>>>>>
>>>>>> Parent Proxy config
>>>>>>
>>>>>>
>>>>>> http_port 8080
>>>>>> cache_peer proxy2 sibling 8080 0
>>>>>> hierarchy_stoplist cgi-bin ?
>>>>>> acl QUERY urlpath_regex cgi-bin \?
>>>>>> cache deny QUERY
>>>>>> acl apache rep_header Server ^Apache
>>>>>> cache_mem 100 MB
>>>>>> cache_swap_low 90
>>>>>> cache_swap_high 95
>>>>>> access_log /var/log/squid/access.log squid
>>>>>> acl manager proto cache_object
>>>>>> acl localhost src 127.0.0.1/255.255.255.255
>>>>>> acl to_localhost dst 127.0.0.0/8
>>>>>> acl SSL_ports port 443
>>>>>> acl Safe_ports port 80 # http
>>>>>> acl Safe_ports port 21 # ftp
>>>>>> acl Safe_ports port 443 # https
>>>>>> acl Safe_ports port 70 # gopher
>>>>>> acl Safe_ports port 210 # wais
>>>>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>>>> acl Safe_ports port 280 # http-mgmt
>>>>>> acl Safe_ports port 488 # gss-http
>>>>>> acl Safe_ports port 591 # filemaker
>>>>>> acl Safe_ports port 777 # multiling http
>>>>>> acl CONNECT method CONNECT
>>>>>> acl US src b.b.b.b-b.b.b.254
>>>>>> acl server src c.c.c.1-c.c.c.254
>>>>>> http_access allow manager localhost
>>>>>> http_access deny manager
>>>>>> http_access deny !Safe_ports
>>>>>> http_access deny CONNECT !SSL_ports
>>>>>> http_access allow localhost
>>>>>> http_access allow US
>>>>>> http_access allow server
>>>>>> http_access allow all
>>>>>> http_reply_access allow all
>>>>>> icp_access deny all
>>>>>> cache_effective_user squid
>>>>>> cache_effective_group squid
>>>>>> icp_port 0
>>>>>> coredump_dir /var/spool/squid
>>>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>>>> refresh_pattern (cgi-bin|\?) 0 0% 0
>>>>>> refresh_pattern . 0 20% 4320
>>>>>>
>>>>>>
>>>>>> Sibling Proxy config
>>>>>>
>>>>>> http_port 8080
>>>>>> cache_peer proxy1 parent 8080 0 default originserver
>>>>>> hierarchy_stoplist cgi-bin ?
>>>>>> acl QUERY urlpath_regex cgi-bin \?
>>>>>> cache deny QUERY
>>>>>> acl apache rep_header Server ^Apache
>>>>>> cache_mem 100 MB
>>>>>> cache_swap_low 90
>>>>>> cache_swap_high 95
>>>>>> access_log /var/log/squid/access.log squid
>>>>>> acl manager proto cache_object
>>>>>> acl localhost src 127.0.0.1/255.255.255.255
>>>>>> acl to_localhost dst 127.0.0.0/8
>>>>>> acl SSL_ports port 443
>>>>>> acl Safe_ports port 80 # http
>>>>>> acl Safe_ports port 21 # ftp
>>>>>> acl Safe_ports port 443 # https
>>>>>> acl Safe_ports port 70 # gopher
>>>>>> acl Safe_ports port 210 # wais
>>>>>> acl Safe_ports port 1025-65535 # unregistered ports
>>>>>> acl Safe_ports port 280 # http-mgmt
>>>>>> acl Safe_ports port 488 # gss-http
>>>>>> acl Safe_ports port 591 # filemaker
>>>>>> acl Safe_ports port 777 # multiling http
>>>>>> acl CONNECT method CONNECT
>>>>>> acl BLR src a.a.a.1-a.a.a.254
>>>>>> acl US src b.b.b.b-b.b.b.254
>>>>>> acl server src c.c.c.1-c.c.c.254
>>>>>> acl TAC src d.d.d.1-d.d.d.254
>>>>>> acl all src 0.0.0.0/255.0.0.0
>>>>>> http_access allow manager localhost
>>>>>> http_access deny manager
>>>>>> http_access deny !Safe_ports
>>>>>> http_access deny CONNECT !SSL_ports
>>>>>> http_access allow localhost
>>>>>> http_access allow BLR
>>>>>> http_access allow US
>>>>>> http_access allow server
>>>>>> http_access allow TAC
>>>>>> http_access deny all
>>>>>> http_reply_access allow all
>>>>>> icp_access allow all
>>>>>> cache_effective_user squid
>>>>>> cache_effective_group squid
>>>>>> icp_port 0
>>>>>> always_direct deny US
>>>>>> always_direct deny BLR
>>>>>> always_direct deny TAC
>>>>>> prefer_direct on
>>>>>> coredump_dir /var/spool/squid
>>>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>>>> refresh_pattern . 0 20% 4320
>>>>>>
>>>>>> Pls help me on this.
>>>>>>
>>>>>> Thanks,
>>>>>> Bharathvn
>>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/New-Squid3-Stable-13-Setup-tp23601156p23609041.html
>>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/New-Squid3-Stable-13-Setup-tp23601156p23609487.html
>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7

Received on Wed May 20 2009 - 06:52:03 MDT

This archive was generated by hypermail 2.2.0 : Wed May 20 2009 - 12:00:02 MDT