RE: Question about 'default' option for cache_peer

> -----Original Message-----
> From: Joost de Heer [mailto:sanguis@xxxxxxxxx]
> Sent: Thursday, February 02, 2006 3:45 AM
> To: Kinkie
> Cc: sanguis@xxxxxxxxx; squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Question about 'default' option for cache_peer
> 
> 
> Kinkie wrote:
> > On Thu, 2006-02-02 at 09:21 +0100, Joost de Heer wrote:
> >> Hello,
> >>
> >> How does the 'default' keyword for cache_peer work exactly?
> >
> > Does this answer your question?
> > http://squidwiki.kinkie.it/SquidFaq/TroubleShooting#head-36aedae8f2cc4943850c22bdbff2e781c76ce2f6
> >
> > 	Kinkie
> 
> What I want to do (and I don't find this answered in the FAQ):
> 
> never_direct allow all
> 
> cache_peer IP1 parent 8080 0 no-query default
> cache_peer IP2 parent 8080 0 no-query
> cache_peer IP3 parent 8080 0 no-query default
> cache_peer IP4 parent 8080 0 no-query
> 
> acl http proto http
> acl https method CONNECT
> acl all src 0.0.0.0/0.0.0.0
> 
> cache_peer_access allow IP1 http
> cache_peer_access deny IP1 all
> cache_peer_access allow IP2 http
> cache_peer_access deny IP2 all
> cache_peer_access allow IP3 https
> cache_peer_access deny IP3 all
> cache_peer_access allow IP4 https
> cache_peer_access deny all
> 
> I.e. IP1 is default server for http traffic, and IP2 should only be used
> when IP1 isn't available, and IP3 is default for https, and IP4 should
> only be used if IP3 isn't available.
> 
> Joost
> 
>

From a quick test, that setup (with properly formatted cache_peer_access lines ;) ) will likely work as expected for HTTP traffic, but will not allow failover for HTTPS*.

Testing method:

cache_peer DNS-of-proxy1 parent 8080 7 no-query default
cache_peer ip-of-proxy1  parent 8080 7 no-query
cache_peer DNS-of-proxy2 parent 8080 7 no-query default
cache_peer ip-of-proxy2  parent 8080 7 no-query

acl http proto http
acl https method CONNECT
acl all src 0.0.0.0/0.0.0.0

cache_peer_access DNS-of-proxy1 allow http
cache_peer_access DNS-of-proxy1 deny all
cache_peer_access ip-of-proxy2  allow http
cache_peer_access ip-of-proxy2  deny all
cache_peer_access DNS-of-proxy2 allow https
cache_peer_access DNS-of-proxy2 deny all
cache_peer_access ip-of-proxy1  allow https
cache_peer_access ip-of-proxy1  deny all

Normal result:

1138901882.310     70 myIP TCP_MISS/200 1644 GET http://www.google.com/ - DEFAULT_PARENT/DNS-of-proxy1 text/html 
1138901882.545    234 myIP TCP_CLIENT_REFRESH_MISS/200 8922 GET http://www.google.com/intl/en/images/logo.gif - DEFAULT_PARENT/DNS-of-proxy1 image/gif 
1138901887.503    409 myIP TCP_MISS/000 19446 CONNECT www.wellsfargo.com:443 - DEFAULT_PARENT/DNS-of-proxy2 -

Result with access to proxy1 denied by firewall output rule:

1138901941.860   9752 myIP TCP_MISS/200 1644 GET http://www.google.com/ - ANY_PARENT/IP-of-proxy2 text/html
1138901942.081    221 myIP TCP_CLIENT_REFRESH_MISS/200 8922 GET http://www.google.com/intl/en/images/logo.gif - ANY_PARENT/IP-of-proxy2 image/gif
1138901948.523    612 myIP TCP_MISS/000 19440 CONNECT www.wellsfargo.com:443 - DEFAULT_PARENT/DNS-of-proxy2 -

Result with access to proxy2 denied by firewall output rule:

1138901995.241     90 myIP TCP_MISS/200 1646 GET http://www.google.com/ - DEFAULT_PARENT/DNS-of-proxy1 text/html 
1138901995.409    168 myIP TCP_CLIENT_REFRESH_MISS/200 8922 GET http://www.google.com/intl/en/images/logo.gif - DEFAULT_PARENT/DNS-of-proxy1 image/gif 
1138901999.323      2 myIP TCP_MISS/503 0 CONNECT www.wellsfargo.com:443 - DEFAULT_PARENT/DNS-of-proxy2 -

Note that adding the "default" keyword to all cache_peer lines had no effect on the test.  CONNECT failover was not achieved.

Chris

*Results may differ with four different IP addresses.
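
The log comparison used in the test above can be scripted. The following is an added example, not part of the original message: it parses Squid native-format access.log lines and reports, per traffic class, which parent served each request and which CONNECT requests failed. The sample lines, host names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format, modelled on the
# excerpts in the thread (client, peer and site names are placeholders).
SAMPLE_LOG = """\
1138901882.310     70 10.0.0.5 TCP_MISS/200 1644 GET http://www.example.com/ - DEFAULT_PARENT/proxy1.example text/html
1138901941.860   9752 10.0.0.5 TCP_MISS/200 1644 GET http://www.example.com/ - ANY_PARENT/192.0.2.2 text/html
1138901948.523    612 10.0.0.5 TCP_MISS/000 19440 CONNECT secure.example.com:443 - DEFAULT_PARENT/proxy2.example -
1138901999.323      2 10.0.0.5 TCP_MISS/503 0 CONNECT secure.example.com:443 - DEFAULT_PARENT/proxy2.example -
"""

def parse_line(line):
    """Split one native-format line into the fields this check needs."""
    f = line.split()
    if len(f) < 10:
        return None  # not a complete native-format record
    _result, _, status = f[3].partition("/")   # e.g. TCP_MISS/503
    hier, _, peer = f[8].partition("/")        # e.g. DEFAULT_PARENT/<peer>
    return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "status": status,
            "method": f[5], "url": f[6], "hier": hier, "peer": peer}

def summarize(log_text):
    """Return (peer usage per traffic class, list of failed CONNECTs)."""
    usage = defaultdict(lambda: defaultdict(int))
    failed_connects = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cls = "https" if rec["method"] == "CONNECT" else "http"
        usage[cls][(rec["hier"], rec["peer"])] += 1
        # A 5xx CONNECT logged against a parent: the tunnel failed via that peer.
        if cls == "https" and rec["status"].startswith("5"):
            failed_connects.append((rec["ts"], rec["url"], rec["peer"]))
    return {k: dict(v) for k, v in usage.items()}, failed_connects

def failover_seen(usage, cls):
    """True if traffic of this class was served by a non-default parent."""
    return any(hier != "DEFAULT_PARENT" for hier, _ in usage.get(cls, {}))

if __name__ == "__main__":
    usage, failed = summarize(SAMPLE_LOG)
    for cls in ("http", "https"):
        print(cls, "failover seen:", failover_seen(usage, cls), usage.get(cls))
    for ts, url, peer in failed:
        print("failed CONNECT", ts, url, "via", peer)
```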