you can do it using an external helper acl.
what i would do is a simple "heat beat" marker in a ramfs.
one loop that will run in the background and will check the status of
the parent cache_peer every 30 secs or 60 secs and in a case of a
failure to create a file in the ramfs\tmp that will indicate that the
parent proxy is down.
two scripts are included for PROXY heartbeat check.
Eliezer
#external acl proxy state checker start:
#/bin/bash
#proxystatcheck.sh by Eliezer Croitoru
#you can use a ramfs/shm fs to lower the disk R\W access
while read url
do
if [ -a /tmp/proxy1.err ]
then
echo ERR
else
echo OK
fi
done
#external acl proxy state checker end
#proxy heart beat state checker start:
#/bin/bash
#proxyhb.sh
#heart beat state script by Eliezer Croitoru
#customize the locations and files names
#change the proxy address and test url
#the alive.html contains: <html><body><h1>It works!</h1></body></html>
#you can use a ramfs/shm fs to lower the disk R\W access
timestamp="$(date +%Y-%m-%d_%a_%H_%M)"
LOGFILE="/var/log/proxystat.log"
MARKER="/tmp/proxy1.err"
PROXYADD="http://127.0.0.1:3128/"
WORKSTAR="http://www1.ngtech.co.il/alive.html"
STATE="0"
echo "$timestamp starting proxy 127.0.0.1:3128 heartbeat">>$LOGFILE
if [ -a $MARKER ] ; then
rm $MARKER
fi
while true;do
curl -s -x $PROXYADD $WORKSTAR|grep "works\!" >/dev/null 2>&1
TESTRES=$?
timestamp="$(date +%Y-%m-%d_%a_%H_%M)"
if [ $TESTRES == 0 ] && [ $STATE == 0 ]
then
echo "$timestamp proxy still up" >>$LOGFILE
fi
if [ "$TESTRES" == 0 ] && [ "$STATE" == 1 ]
then
rm $MARKER
STATE="0"
echo "$timestamp proxy got up" >>$LOGFILE
fi
if [ "$TESTRES" == 1 ] && [ "$STATE" == 0 ]
then
touch $MARKER
STATE="1"
echo "$timestamp proxy got down">>$LOGFILE
fi
if [ "$TESTRES" == 1 ] && [ "$STATE" == 1 ]
then
echo "$timestamp proxy down again">>$LOGFILE
fi
# debug options to see the last log and end progress of loop on stdout
#tail -1 $LOGFILE
#echo "$timestamp sleeping"
sleep 30
done
#proxy heart beat state checker end
On 30/05/2012 12:59, nipun_mlist Assam wrote:
> Thanks Amos and Eliezer for the hints.
>
> I could achieve my requirements by having some rules as below:
>
> never_direct deny aclforclient_c1 #Here we allow direct access of
> internet from squid if parent is down
> never_direct allow aclforclient_c2 #Here squid drops the connection if
> parent is down
> never_direct allow all
> always_direct deny all
>
> Is there any way to make the "never_direct" rules aware of the parent
> proxies (i.e. making parent proxy specific never_direct rules).
>
>
>
> On Tue, May 29, 2012 at 6:13 PM, Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>> On 29/05/2012 14:07, Amos Jeffries wrote:
>>>
>>> On 29/05/2012 10:13 p.m., nipun_mlist Assam wrote:
>>>>
>>>> Is there any way through which I can control traffic from only few
>>>> clients to connect directly to internet if the upstream parent proxies
>>>> are down.
>>>> For example, in an example configuration squid forwards traffic from
>>>> client C1 and C2 to parent proxy P.
>>>>
>>>> HTTP traffic from client C1 and C2<---> forwarding squid<---> P<--->
>>>> cloud
>>>>
>>>> If parent P is down I want C1's traffic to be sent directly to the
>>>> internet by squid, while for C2 the connection should be dropped by
>>>> squid.
>>>>
>>>> "prefer_direct off" affects traffics from all the clients.
>>>> Is there any way to use a combination of "prefer_direct off" and
>>>> "never_direct allow all/ always_direct deny all" ?
>>>
>>>
>>> never_direct and allow_direct are lists with multiple lines performing
>>> if-else logic just like http_access.
>>>
>>> Think about it like this: you said you want these clients to go direct
>>> *sometimes*, so why are you setting them to *never* go direct? ("all"
>>> matches everything).
>>>
>>> prefer_direct determins whether the parent or DIRECT are *tried* first.
>>> First route to succeed suplies the answer.
>>>
>>> Amos
>>
>> i can think of a never direct and always direct and using an external helper
>> that will determine if the client will match the category of never_direct or
>> always_direct.
>>
>> Eliezer
>>
>> --
>> Eliezer Croitoru
>> https://www1.ngtech.co.il
>> IT consulting for Nonprofit organizations
>> eliezer<at> ngtech.co.il
>
>
>
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.ilReceived on Wed May 30 2012 - 13:52:50 MDT
This archive was generated by hypermail 2.2.0 : Thu May 31 2012 - 12:00:05 MDT