> -----Original Message----- > From: Nolan Rumble [mailto:nmr@xxxxxxxxx] > Sent: Friday, November 18, 2005 5:43 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: getting squid to choose between 2 > proxy servers > > > Hi, > > We have 2 proxy servers in our network. One for free-websites and one > for the non-free websites. > > We have a javascript file (proxy.pac) which allows the > application using > the file to decide which proxy server to connect to. > > The problem is that when you want to download a file (for > example using wget) Does wget honor proxy.pac files? > it will always be downloaded through the non-free proxy server > regardless of whether the file I'm trying to retrieve is in > the list of > free websites or not. > Perhaps a silly question, but have you tried changing the order of the proxies in the PAC file? > Now what I would like to do is the following: > Setup my own proxy server so that it will distinguish between which is > free and which isn't. A file must get parsed upon reloading > squid which > lists the domains which are regarded as free. > > These free domains must go through proxy1 and all the non-free domains > must go through proxy2. > > What configuration lines must I use to get this setup working? > If I'm not mistaken, cache_peer_access is what you want to use. Make sure you also set "never_direct allow all" on this child cache. > Another thing is to make sure that the client's (which requests the > website) IP address gets sent to the parent squid servers as well so > that an authentication process can take place. (The parent squid > servers (proxy1, proxy2) check to see if your IP address has been > "opened up" for access (Is this where the x-forwarded-for option comes > in?)) > Here is where things get tricky... The XFF option allows the proxy to parse XFF headers and use the original client IP. So in your case, the easiest option would be to use XFF on the parent caches. > Unfortunately I can't change anything on the parent proxy servers > (proxy1 & proxy2). This makes things considerably more tricky. You are going to have to either use a Linux patch (the name of which escapes me at the moment; it has been mentioned in the archives fairly recently though) to allow the Squid box to masquerade as the clients it serves, or use a one-to-one NAT (also mentioned in the archives). > I don't want to run ICP queries to the parent > servers. > Use "no-query" in the cache_peer line. That part, at least, is simple enough. > Any help would be appreciated :) > Seriously, check out your proxy.pac. That is going to be your easiest option by far. > Thanks > Nolan > Chris
