Re: [squid-users] squid doesn´t use my never_direct and always_direct rule why ?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 21 Jul 2009 12:43:05 +1200

On Mon, 20 Jul 2009 20:25:34 -0300, "Soporte Técnico @lemNet"
<soporte_at_nodoalem.com.ar> wrote:
> I have a freebsd 7.0 box with squid 2.6 stable 16 running.
>
> I have another box with freebsd 7.0 and the same squid 2.6 running with
> another internet connection.
>
> In the first squid I have the rules:
>
> cache_peer ip_of_the_second_box parent 8080 3130 no-query default
> (working fine)
>
> and the rules
>
> acl nospeedygonzalez urlpath_regex -i .exe .zip .cab .rar .bin .com .gz
> .hqz
> .image .mpg .mpeg .mov .qt .movie .moov .sit .sea .t
> ar .tiff .tif .z .7z .arj .sea .sitx .mds .iso .md5 .cue .ibp .ibq .tao
>
> never_direct allow !nospeedygonzalez
> always_direct allow nospeedygonzalez

Reason #1 why we suggest people steer away from regex is that it's _SLOW_.

Also, note that these patterns will be evaluated at least twice for every
request.

Reason #2 why we suggest people stay away from regex is the fatal flaw you
have hit....

>
> My idea is that all content in nospeedygonzalez always goes direct (using
> my gateway) and all the content that is not in nospeedygonzalez always
> uses the default_parent that I have with another internet connection.
>
> Well, when I see the access.log I can see this.
>
> 1248131762.782 832 ip_of_the_second_box TCP_MISS/200 3432 GET http://images.metaservices.microsoft.com/cover/075/drh300/h307/h30764dz5c6.jpg? - DIRECT/65.54.93.146 image/jpeg
> 1248131764.082 2129 ip_of_the_second_box TCP_MISS/200 12398 GET http://images.metaservices.microsoft.com/cover/200/drh300/h307/h30764dz5c6.jpg?

The path contains a 'd' followed by a 'z': matching pattern .z
Causing nospeedygonzalez to be true and always_direct to happen.

> - DIRECT/65.54.93.141 image/jpeg
> 1248131796.543 670 ip_of_the_second_box TCP_MISS/304 246 GET http://www.folkloredelnorte.com.ar/images/thens2.jpg - DIRECT/64.136.20.58

The path contains a '/' followed by a 't': matching pattern .t
The path contains a '/' followed by an 'image': matching pattern .image
Causing nospeedygonzalez to be true and always_direct to happen.

... same for all the other lines you posted.

>
> Same thing for .gif and other extensions not included in nospeedygonzalez
> (that I want to always come from the parent server and not direct). I have
> no other rules in the squid.conf in conflict with these rules; squid seems
> not to be applying my rules correctly.
>
> Any idea ?

Your patterns are not matching file extensions. They are matching mid-way
down the path.

I change your ".exe" pattern for my example, repeat for all patterns you
have.

Dot in regex is a wildcard matching *any single character*. Use \. to
match real dots in the URL.

   \.exe

Make it only match when at the end of the URL:
   \.exe$

or if you expect the URL sometimes to also have a ? followed by unknown
stuff:
   \.exe(\?.*)?$

NP: Filename text in URL is not as trustworthy as most people think.
Consider using rep_mime_type ACL to match the actual reply object type. It
matches when websites do stuff like send an .exe as:
http://example.com/file.jpg?bwahaha or
http://example.com/download.php?bwahaha

Amos
Received on Tue Jul 21 2009 - 00:43:10 MDT
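
Added example, not part of the original message: a Python sketch of the matching behaviour the reply describes, run over URL paths from the posted access.log and the reply. Python's `re` stands in for Squid's regex engine (an assumption; these simple patterns behave the same), the helper names are hypothetical, and one URL is constructed.

```python
import re

# Patterns as the reply reads them from the posted acl line (a subset).
POSTED = [".exe", ".zip", ".z", ".t", ".image"]

# URLs from the access.log excerpt and the reply; the last one is constructed.
LOG_URLS = [
    "http://images.metaservices.microsoft.com/cover/200/drh300/h307/h30764dz5c6.jpg?",
    "http://www.folkloredelnorte.com.ar/images/thens2.jpg",
    "http://example.com/file.jpg?bwahaha",
    "http://example.com/setup.exe?mirror=1",  # constructed sample
]


def url_path(url):
    # Everything after the host. Assumption: urlpath_regex sees path and query
    # string, which is what the optional query suffix in the reply implies.
    rest = url.split("://", 1)[-1]
    slash = rest.find("/")
    return rest[slash:] if slash != -1 else "/"


def anchored(pattern):
    r"""Turn '.exe' into '\.exe(\?.*)?$': literal dot, then end of path or a query."""
    return re.escape(pattern) + r"(\?.*)?$"


def matching(patterns, url):
    """Patterns that hit the URL path, case-insensitively like the acl's -i flag."""
    path = url_path(url)
    return [p for p in patterns if re.search(p, path, re.IGNORECASE)]


def report(urls=LOG_URLS):
    """For each URL: (path, hits with posted patterns, hits with anchored patterns)."""
    fixed = [anchored(p) for p in POSTED]
    return [(url_path(u), matching(POSTED, u), matching(fixed, u)) for u in urls]


if __name__ == "__main__":
    for path, before, after in report():
        print(f"{path}\n  posted patterns hit:   {before}\n  anchored patterns hit: {after}")
```

The `file.jpg?bwahaha` URL hits no filename pattern in either form, which is the case the reply says needs a `rep_mime_type` ACL instead.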
