Re: Re: Want to create SQUID mesh, but force certain URLs to be retrieved by only one Proxy

[Pandu E Poluan <pandu_poluan@xxxxxxxxxxxxxxxxxxxx>]

Okay, some experimentations I made:

I added the following lines on ProxyB:

# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
never_direct allow fastsites

Changes on ProxyA:

# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
# also from Amos' tip
miss_access allow fastsites
miss_access deny siblings
miss_access allow all
# and this one from Amos' tip
always_direct allow fastsites

My browser can't access .need-fast-inet.com

I further changed the following lines to ProxyB:

# added "weight=2 allow-miss"
cache_peer   ProxyA   sibling   3128   4827   htcp weight=2 allow-miss
# added the following line
neighbor_type_domain ProxyA parent .need-fast-inet.com 
.another-need-fast-inet.com

Now, I can access .need-fast-inet.com through ProxyB.

But, isn't that "allow-miss" dangerous?

Any comments?


Rgds.


[p]


Pandu E Poluan wrote:
> Hmmm... strange...
>
> Now, instead of accessing the site objectX, ProxyB and ProxyC users 
> can't access the site at all...
>
> But no SQUID error page shows up... the browser simply times out... 
> Accessing URLs other thatn objectX still works...
>
> objectX is accessible via ProxyA, though.
>
> The changes I made currently:
>
> On ProxyA:
>
> acl objectX dstdomain ...
> miss_access allow objectX
> always_direct allow objectX
>
> On ProxyB/C:
>
> acl objectX dstdomain ...
> never_direct allow objectX
>
> I'll experiment with the settings... maybe also "miss_access allow 
> objectX" on ProxyB and ProxyC?
>
>
> Rgds.
>
>
>
> Pandu E Poluan wrote:
> > Aha! Thanks a lot, Amos  :-)
> >
> > I have been suspicious all along that the solution uses miss_access 
> > and never_direct ... but never saw an example anywhere.
> >
> > Again, much thanks!
> >
> > ** rushes to his proxies to configure them **
> >
> >
> > Rgds.
> >
> >
> > [p]
> >
> >
> > Amos Jeffries wrote:
> > > Pandu E Poluan wrote:
> > > > The URL is allowed to be accessed by everyone, ProxyA-users, and 
> > > > ProxyB/C-users alike.
> > > >
> > > > I just want the URL to be retrieved by ProxyA, because accessing 
> > > > that certain URL through ProxyB/C is too damn slow (pardon the 
> > > > language).
> > > >
> > > >
> > > > Rgds.
> > >
> > > Okay. Thought it might be something like that, just wanted to be 
> > > sure before fuzzing the issue.
> > >
> > > You will need to create an ACL just for this URL (an others you want 
> > > to do the same).
> > >  acl objectX ...
> > >
> > >
> > > proxyA needs to allow peers past the miss_access block.
> > >
> > > proxyA:
> > >  miss_access allow objectX
> > >  miss_access deny siblings
> > >  miss_access allow all
> > >
> > >
> > > siblings must never go direct to the object (always use their parent 
> > > peer)
> > >
> > > proxyB/proxyC:
> > >   never_direct allow objectX
> > >
> > > Amos
> > >
> > > > Amos Jeffries wrote:
> > > > > Pandu E Poluan wrote:
> > > > > > Anyone care to comment on my email?
> > > > > >
> > > > > > And another question: Is it possible to use miss_access with a 
> > > > > > dstdomain acl?
> > > > > >
> > > > > >
> > > > > > Rgds.
> > > > > >
> > > > > >
> > > > > > Pandu E Poluan wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > I want to know is there a way to force a URL to be retrieved by 
> > > > > > > only a certain proxy, while ensuring that meshing works.
> > > > > > >
> > > > > > > Here's the scenario:
> > > > > > >
> > > > > > > I have a ProxyA ==> connects to Internet via a fast connection 
> > > > > > > "InetFast"
> > > > > > > This proxy is used by a group of users that really need fast 
> > > > > > > connection.
> > > > > > >
> > > > > > > I have other proxies ProxyB & ProxyC ==> connects to Internet 
> > > > > > > via a slower connection "InetSlow"
> > > > > > > These proxies are used by the rest of the staff.
> > > > > > >
> > > > > > > I configured them all as siblings, with miss_access blocking 
> > > > > > > MISS requests between them, e.g.
> > > > > > >
> > > > > > > # Configuration snippet of ProxyA
> > > > > > > cache_peer <ProxyB> sibling 3128 4827 htcp
> > > > > > > cache_peer <ProxyC> sibling 3128 4827 htcp
> > > > > > > acl siblings src <ProxyB>
> > > > > > > acl siblings src <ProxyC>
> > > > > > > miss_access deny siblings
> > > > > > > miss_access allow all
> > > > > > >
> > > > > > > ProxyB & ProxyC both has similar config.
> > > > > > >
> > > > > > > ( The aim is to 'assist' other staffers using InetSlow so that 
> > > > > > > whatever has been retrieved by the InetFast users will be made 
> > > > > > > available to the rest of the staffs )
> > > > > > >
> > > > > > > Now, let's say there's this URL http://www.need-fast-inet.com/ 
> > > > > > > that I want to be retrieved exclusively by ProxyA.
> > > > > > >
> > > > > > > How would I configure the peering relationships?
> > > > >
> > > > > If you can state the problem and the desired setup clearly in 
> > > > > single-sentence steps you have usually described the individual 
> > > > > config settings needed.
> > > > >
> > > > > Is the URL allowed to be fetched by the slow users through proxyB 
> > > > > into proxy A and then internet?
> > >
> > >
> > > Amos

--
*Pandu E Poluan*
*Panin Sekuritas*
IT Manager / Operations & Audit
Phone : 	+62-21-515-3055 ext 135
Fax : 	+62-21-515-3061
Mobile : 	+62-856-8400-426
e-mail : 	pandu_poluan@xxxxxxxxxxxxxxxxxxxx 
<mailto:pandu_poluan@xxxxxxxxxxxxxxxxxxxx>

	
	
	
	
Y!M : 	hands0me_irc
MSN : 	si-ganteng@xxxxxxxx
GTalk : 	pandu.cakep@xxxxxxxxx