Re: [squid-users] Re: Squid 3.2.0.9 problems and special reverse proxy configuration

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Jul 2011 04:22:33 +1200

On 15/07/11 03:05, niemidc wrote:
> One more thing -- I'm using nf-hipac so iptables is not present. I've
> configured with --disable-linux-netfilter, but see this message on every
> request:
>
> kid1| WARNING: transparent proxying not supported
>
> The actual caching process is working fine without NAT, is there a way to
> suppress this message through config?

Should only be happening if the "intercept" option is configured on the
receiving http(s)_port and NAT is disabled. Handling NAT traffic without
correct details from the system NAT tables means everything you are
logging about the visitors is lies. Sure, the visitor gets valid info
back, but you still don't know exactly who they were.

If you don't have intercept set on the arrival http_port that is a bug
we need to get fixed.

>
> As for mixing items in memory cache, I've now remembered this is why I have
> the acl like this "cache_peer_access server3333 deny !www3333". In my
> testing this seemed to preclude requests getting to the wrong cache item.
> But it is all far from simple, I'd love to hear a more streamlined way to do
> it.

That is the correct way to configure it. If, as you are, managing
hundreds in the one config you can use some tricks with the include
directive now. On Linux it can grok a whole folder worth of config files
and load them.

/etc/squid/squid.conf:
   ...
   http_access deny CONNECT !SSL_Ports
   include /etc/squid/peers/*
   http_access deny all

Each one of the files under /etc/squid/peers/ can have an auto-generated
snippet of config relevant to that peer, i.e. http_port + cache_peer + acl
+ cache_peer_access + http_access.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.9
Received on Thu Jul 14 2011 - 16:22:38 MDT
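
Added example (not part of the original message, and not Squid project code): one way to auto-generate the per-peer snippets for /etc/squid/peers/ described above, rejecting input that could smuggle extra directives into an included file. The inventory, the peer-<port>.conf file names, the dstdomain ACL type and the accel/originserver options chosen are assumptions for illustration; only the serverNNNN/wwwNNNN naming and the "deny !www3333" rule come from the thread.

```python
import re

# Constructed sample inventory (documentation addresses and example domains).
PEERS = [
    {"port": 3333, "site": "www.example.com", "origin": "192.0.2.10"},
    {"port": 3334, "site": "app.example.net", "origin": "192.0.2.11"},
]

# Host names / IPv4 literals only: no whitespace, newlines or '#'.
HOST = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def render_peer(peer):
    """Return the squid.conf snippet text for one reverse-proxy peer."""
    port, site, origin = peer["port"], peer["site"], peer["origin"]
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    for value in (site, origin):
        # fullmatch, so a trailing newline cannot slip past the check
        if not isinstance(value, str) or not HOST.fullmatch(value):
            raise ValueError(f"bad host: {value!r}")
    acl, name = f"www{port}", f"server{port}"
    return "\n".join([
        f"http_port {port} accel defaultsite={site}",
        f"cache_peer {origin} parent 80 0 no-query originserver name={name}",
        f"acl {acl} dstdomain {site}",            # assumed ACL type
        f"cache_peer_access {name} deny !{acl}",  # keeps other sites off this peer
        f"http_access allow {acl}",
    ]) + "\n"

def render_all(peers):
    """Map snippet file name -> text, refusing two peers on the same port."""
    out = {}
    for peer in peers:
        fname = f"peer-{peer['port']}.conf"       # hypothetical naming scheme
        if fname in out:
            raise ValueError(f"duplicate port: {peer['port']}")
        out[fname] = render_peer(peer)
    return out

if __name__ == "__main__":
    for fname, text in render_all(PEERS).items():
        print(f"# /etc/squid/peers/{fname}\n{text}")
```
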
