On fre, 2008-07-11 at 07:49 -0700, John Doe wrote: > I don't have use allow-miss. > But I do have: > header_access Cache-Control deny all > header_replace Cache-Control max-age=864000 > I will try without it... That explains the loops in sibling setup. But it does not explain why your cache_peer_access rules wasn't effective. Thise should have worked... > > > To solve this, I tried to prevent a squid from querying a sibling on behalf of > > another sibling: > > > > > > example of squid1.conf: > > > cache_peer 192.168.17.12 sibling 8000 3130 proxy-only name=squid2 > > > cache_peer 192.168.17.13 sibling 8000 3130 proxy-only name=squid3 > > > cache_peer 192.168.17.14 sibling 8000 3130 proxy-only name=squid4 > > > > > > acl from_squids src 192.168.17.12 > > > acl from_squids src 192.168.17.13 > > > acl from_squids src 192.168.17.14 > > > > > > cache_peer_access squid2 deny from_squids > > > cache_peer_access squid3 deny from_squids > > > cache_peer_access squid4 deny from_squids > > > > > > But it is not helping... > > > > That should defenitely help. > > > > What is said in access.log? > > If I ask squid2 for a looping object: > > squid2 access.log: > 1215783827.918 1 192.168.17.12 TCP_MISS/200 7188 GET http://192.168.16.23/img/spain.gif - FIRST_UP_PARENT/apache image/gif > 1215783827.919 2 192.168.17.12 TCP_MISS/200 7233 GET http://192.168.16.23/img/spain.gif - CD_SIBLING_HIT/squid3 image/gif Why is there two requests from 17.12? Are you still not using tcp_outgoing_address? Please add appropriate tcp_outgoing_address directives. Assuming the squid2 config looks the same as the squid1 save for the rotation of the servers to squid1,3,4 your cache_peer_access rule won't match here as the request is coming from 17.12 which is the squid2 address.. To answer your other question about Apache, there is no big problem with having the setup as you do with a set of apaches on different ports, but you may need to tweak the Apache config a little to make Apache assume port 80 in references to itself, used. when sending a browser redirect etc such as seen when requesting http://server/directory without trailing / Additionally you probably only need one instance of Apache.. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part