Re: [squid-users] Reverse Proxy - order of cache_peer_access rules from Amos Jeffries on 2011-06-26 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 27 Jun 2011 00:08:24 +1200

On 26/06/11 21:41, Oskar Stolc wrote:
> Hi,
>
> I am trying to set up a Squid reverse proxy, but it does not want to
> work according my expectations.
>
> I am serving two sites:
> - www.example1.com
> - www.example2.com
>
> I have 3 backend servers:
> - 10.0.0.1
> - 10.0.0.2
> - 10.0.0.3
>
> I want Squid to send the
> - www.example1.com queries to server 10.0.0.1
> - www.example2.com queries to server 10.0.0.2
> - if the query contains an o=16188 HTTP parameter I want Squid to send
> it to 10.0.0.3 regardless of domain
>
> Example:
> - http://www.example1.com/?a=1&b=2 - goes to 10.0.0.1
> - http://www.example2.com/?a=1&b=2 - goes to 10.0.0.2
> - http://www.example1.com/?a=1&o=16188 - goes to 10.0.0.3
> - http://www.example2.com/?a=1&o=16188 - goes to 10.0.0.3
>
> My configuration looks like this:
>
> acl site1 dstdomain www.example1.com
> acl site2 dstdomain www.example2.com
>
> acl ocode_param urlpath_regex o=16188
>
> http_access allow site1
> http_access allow site2
>
> http_port 80 accel defaultsite=www.example1.com vhost
>
> cache_peer 10.0.0.1 parent 80 0 no-query originserver name=server1
> cache_peer 10.0.0.2 parent 80 0 no-query originserver name=server2
> cache_peer 10.0.0.3 parent 80 0 no-query originserver name=server3
>
> cache_peer_access server3 allow ocode_param
>
> cache_peer_access server1 allow site1
> cache_peer_access server2 allow site2
>
> cache_peer_access server1 deny all
> cache_peer_access server2 deny all
> cache_peer_access server3 deny all
>
>
> The problem is that the queries with o=16188 don't go to 10.0.0.3, but
> are routed to 10.0.0.1 or 10.0.0.2 instead (based on domain). Does it
> mean the cache_peer_access rules are not "first match first win"
> rules? Should I re-order them? How?

Selection is based on cache_peer directive order.

cache_peer_access is just a modifier to prevent particular selection
choices being made.

"server1 allow site1" permits all site1, regardless of ocode_param.

Solution is to either add !ocode_param to each of the server1 and
server2 access allows, or move cache_peer for server3 to the top.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3

Received on Sun Jun 26 2011 - 12:08:35 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 29 2011 - 12:00:02 MDT