RE: [squid-users] cache_peer_access directive problem

From: Hubeli Daniel <Daniel.Hubeli_at_corner.ch>
Date: Fri, 5 Jul 2013 16:23:10 +0000

Thanks Amos for the information.
Actually I didn't understand what the workaround would be. I already use an "http_access" before the directive cache_peer_access:

    http_access allow srcservers1 todomains1
    http_access allow srcservers2 todomains2
    cache_peer_access host11.domain.com allow todomains1
    cache_peer_access host12.domain.com allow todomains2

Should I add some other directive if the ACL todomains1 is an IP address (dst)?

Kind regards,
Daniel Hubeli

On 6/07/2013 3:38 a.m., Hubeli Daniel wrote:
> Hi Amos, thanks a lot for the information.
>
> If I understand correctly:
>
> 1 - Either I choose "round-robin" or "sourcehash". Using both doesn't make sense, right?

Yes. Pick one. In the current Squid it makes no sense to use both.

> Actually my problem is that I have 3 possible routes (2 with balancing):
>
> cache_peer host11.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
> cache_peer host12.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
>
> cache_peer host21.domain.com parent 9090 0 proxy-only no-query
>
> cache_peer host31.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
> cache_peer host32.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
>
> My scope is to have a lot of different small conf files with the allow rule and the indication of which of the 3 alternatives to use (cache_peer_access).
> Is what I've done reasonable (deny all the routes in squid.conf and just enable the interesting peer in each include file)?

That is reasonable yes. In fact exactly what cache_peer_access is
designed for.
>
> 2 - It is impossible to have a routing policy like "cache_peer_access" if I need some ACL based on destination IP. Are there some other possibilities to do that? ... Actually 99% of my ACLs use dstdomain or regex, but for some special needs I also need to configure URLs like http://IPADDRESS/ and I'd like to have the possibility to choose the right peer.

You can sort of do it by having one of the "SLOW" group access controls
look up the destination IP address before peer selection happens.
http_access is the best one. Also be aware that there is no *1*
destination IP - most websites these days are hosted on several
different IP addresses and you never know which the peer will choose.

Amos
Received on Fri Jul 05 2013 - 16:23:16 MDT
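
Added example, not part of the original thread: one squid.conf layout that puts the points discussed above together (a single balancing method per peer group, per-site include files that enable a peer, and an http_access rule that tests the destination IP before peer selection). The include path, the file name, the `todomains1_ip` ACL and every address or domain value are assumptions made for illustration.

```conf
# ---- squid.conf (main file) ----
# One balancing method per peer group (sourcehash here), as advised in the reply.
cache_peer host11.domain.com parent 8084 0 proxy-only no-query sourcehash connect-timeout=10 connect-fail-limit=3
cache_peer host12.domain.com parent 8084 0 proxy-only no-query sourcehash connect-timeout=10 connect-fail-limit=3

# Per-site rule files are read at this point, so their allow lines come first.
# (assumed path)
include /etc/squid/conf.d/*.conf

# Access lists are checked top to bottom and the first match wins, so the
# catch-all denies must follow the include, never precede it.
http_access deny all
cache_peer_access host11.domain.com deny all
cache_peer_access host12.domain.com deny all

# ---- /etc/squid/conf.d/site1.conf (assumed file name) ----
# Constructed client range, domain and destination address.
acl srcservers1 src 198.51.100.0/24
acl todomains1 dstdomain .example.com
# Covers URLs of the form http://192.0.2.10/
acl todomains1_ip dst 192.0.2.10

# http_access is the slow check recommended in the reply: the destination IP
# is looked up here, before peer selection happens.
http_access allow srcservers1 todomains1
http_access allow srcservers1 todomains1_ip

# Route both the domain ACL and the IP ACL to the balanced pair.
cache_peer_access host11.domain.com allow todomains1
cache_peer_access host11.domain.com allow todomains1_ip
cache_peer_access host12.domain.com allow todomains1
cache_peer_access host12.domain.com allow todomains1_ip
```

After a change like this, `squid -k parse` checks the merged configuration for syntax errors before a reload. As the reply notes, a `dst` ACL only matches the addresses listed, and a site hosted on several addresses may resolve to one that is not in the ACL.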
