Re: [squid-users] Way to hide Caching Server IP from Amos Jeffries on 2009-08-04 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 04 Aug 2009 22:58:49 +1200

Ja-Ryeong Koo wrote:
> Dear Adrian and Amos,
> Thanks for your kind advises.
>
> Adrian,
> I have checked tproxy matters briefly.
> But, I am not sure how to configure accelerator and tproxy functionality
> together on the one caching server.
>
> "http_port 80 vhost accel tproxy" does not work. :-(
>
> Actually, I have one L4 switch load-balancing two apache servers.
> Load-balancing way is sourcehash.
> So, L4 switch would load-balance through client IP addresses.
>
> Could you let me direct how L4 load-balancing can be performed correctly
> through client IP addresses instead Squid IP?

Let me understand this you have:

Client -> Squid -> Load balancer switch -> 2x Apaches ??

I think you really want to be looking at the Squid built-in load
balancing instead of the hardware balancing:

cache_peer ip.of.apache.1 parent 80 0 sourcehash originserver
no-query no-netdb-exchange

cache_peer ip.of.apache.2 parent 80 0 sourcehash originserver
no-query no-netdb-exchange

Squid has all information available already and can make the routing
decisions without requiring many features.

>
> I have thought the answer would be to hide Caching Server's IP address
> to L4 switch.

tproxy would be enough to fool a simple ip-based balancer if you really
must go this way. However its far from the simplest or easiest way to
load balance sources behind Squid.

>
> In advance, thank you for your kind comments and consideration.
>
> Best Regards,
> Ja-Ryeong Koo
>
> On Tue, Aug 4, 2009 at 11:15 AM, Amos Jeffries <squid3_at_treenet.co.nz
> <mailto:squid3_at_treenet.co.nz>> wrote:
>
> On Tue, 4 Aug 2009 10:57:56 +0900, Ja-Ryeong Koo <wjbkoo_at_gmail.com
> <mailto:wjbkoo_at_gmail.com>> wrote:
> > Hello,
> >
> > I am writing this email to ask something regarding ways to hide
> Caching
> > Server IP address.
> >
> > I have one apache server, one caching server (squid2.6.stable22).
> > (Client ------ Caching Server (Reverse Proxy) -------- Apache Server)
> >
> > Now, whenever I try to connect apache server, both the Caching
> server IP
> > and
> > Client IP (my PC ip address) are seen on the Apache server.
> >
> > I hope that the apache server only can see client IP address.
> >
> > Please let me know if you have any kinds of ways to do this.
> >
> > In advance, thank you for your kind consideration.
> >
> > Best Regards,
> > Ja-Ryeong Koo
>
> For reverse-proxy I would advise ignoring the requests logged by Apache,
> and basing analysis and graphs on the Squid logs. There are a LOT of
> details and requests which may never reach the back end Apache.
>
> Amos
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE17
   Current Beta Squid 3.1.0.12

Received on Tue Aug 04 2009 - 10:59:00 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 04 2009 - 12:00:03 MDT