Re: [squid-users] both ACL dstdomain and myport exist

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 24 Jun 2009 15:31:13 +1200

On Wed, 24 Jun 2009 10:23:05 +0800 (CST), "Tech W." <techwww_at_yahoo.com.cn>
wrote:
> dear Squid gurus,
>
> I want to set up an accelerator of squid for these cases:
>
> www.example.com:80 => 172.16.0.100:80
> www.example.com:8080 => 172.16.0.100:8080
> library.example.com => 172.16.0.101
>
>
> I have the clues to use both dstdomain and myport ACL, like below:
>
> cache_peer 172.16.0.100 parent 80 0 no-query originserver name=portsw_1
> acl port_1 myport 80
> cache_peer_access portsw_1 allow port_1
>
> cache_peer 172.16.0.100 parent 8080 0 no-query originserver name=portsw_2
> acl port_2 myport 8080
> cache_peer_access portsw_2 allow port_2
>
> cache_peer 172.16.0.101 parent 80 0 no-query originserver name=library
> acl thelib dstdomain library.example.com
> cache_peer_access library allow thelib
>
>
> But, these config will cause the conflict, am I right?
> For example, when user requests:
>
> http://library.example.com/
>
> Squid doesn't know it will forward the request to 172.16.0.100 or
> 172.16.0.101, since both myport and dstdomain ACLs are matched.
>

Move the thelib ACL definition up a bit and add !thelib to the allow lines
for the other peers.

Amos
Received on Wed Jun 24 2009 - 03:31:17 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 24 2009 - 12:00:04 MDT