On Fri, 1 Apr 2005 wlagmay@xxxxxxxxxxxxx wrote:
acl SSL method CONNECT never_direct allow SSL cache_peer proxy.ISP.net parent 8080 0 default cache_peer ssl-proxy.ISP.net parent 8080 0 default cache_peer_access proxy.ISP.net allow !SSL
For completeness you should also add
cache_peer_access ssl-proxy.ISP.net allow SSL
My questions: If the request is http then there is no doubt that Im using the proxy.ISP.net, what if the request is https does my configuration will automatically forward it to ssl-proxy.ISP.net?
cache_peer_access is a filter per peer, defining what kind of requests may be sent to this peer. If you have not set a cache_peer_access filter for a specific peer then this peer is a candidate for all requests.
After this comes Squids normal peer selection algorithms, selecting which of the available peer candidates the requests should be forwarded to.
The peer selection algorithms in rought order of preference:
- Digest - ICP/HTCP - Direct if never_direct deny (default) and prefer_direct on. - default (1) - round-robin (1) - first available (1) - Direct if never_direct deny (default) and prefer_direct off. - any if never_direct allow
1: Only one peer of these is selected.
If there is a problem Squid automatically falls back on the next.
Regards Henrik