Search squid archive

Re: Re: Want to create SQUID mesh, but force certain URLs to be retrieved by only one Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay, some experimentations I made:

I added the following lines on ProxyB:

# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
never_direct allow fastsites

Changes on ProxyA:

# lines from Amos' tip
acl fastsites dstdomain .need-fast-inet.com
acl fastsites dstdomain .another-need-fast-inet.com
# also from Amos' tip
miss_access allow fastsites
miss_access deny siblings
miss_access allow all
# and this one from Amos' tip
always_direct allow fastsites

My browser can't access .need-fast-inet.com

I further changed the following lines to ProxyB:

# added "weight=2 allow-miss"
cache_peer   ProxyA   sibling   3128   4827   htcp weight=2 allow-miss
# added the following line
neighbor_type_domain ProxyA parent .need-fast-inet.com .another-need-fast-inet.com

Now, I can access .need-fast-inet.com through ProxyB.

But, isn't that "allow-miss" dangerous?

Any comments?


Rgds.


[p]


Pandu E Poluan wrote:
Hmmm... strange...

Now, instead of accessing the site objectX, ProxyB and ProxyC users can't access the site at all...

But no SQUID error page shows up... the browser simply times out... Accessing URLs other thatn objectX still works...

objectX is accessible via ProxyA, though.

The changes I made currently:

On ProxyA:

acl objectX dstdomain ...
miss_access allow objectX
always_direct allow objectX

On ProxyB/C:

acl objectX dstdomain ...
never_direct allow objectX

I'll experiment with the settings... maybe also "miss_access allow objectX" on ProxyB and ProxyC?


Rgds.



Pandu E Poluan wrote:
Aha! Thanks a lot, Amos  :-)

I have been suspicious all along that the solution uses miss_access and never_direct ... but never saw an example anywhere.

Again, much thanks!

** rushes to his proxies to configure them **


Rgds.


[p]


Amos Jeffries wrote:
Pandu E Poluan wrote:
The URL is allowed to be accessed by everyone, ProxyA-users, and ProxyB/C-users alike.

I just want the URL to be retrieved by ProxyA, because accessing that certain URL through ProxyB/C is too damn slow (pardon the language).


Rgds.


Okay. Thought it might be something like that, just wanted to be sure before fuzzing the issue.

You will need to create an ACL just for this URL (an others you want to do the same).
 acl objectX ...


proxyA needs to allow peers past the miss_access block.

proxyA:
 miss_access allow objectX
 miss_access deny siblings
 miss_access allow all


siblings must never go direct to the object (always use their parent peer)

proxyB/proxyC:
  never_direct allow objectX

Amos


Amos Jeffries wrote:
Pandu E Poluan wrote:
Anyone care to comment on my email?

And another question: Is it possible to use miss_access with a dstdomain acl?


Rgds.


Pandu E Poluan wrote:
Hi,

I want to know is there a way to force a URL to be retrieved by only a certain proxy, while ensuring that meshing works.

Here's the scenario:

I have a ProxyA ==> connects to Internet via a fast connection "InetFast" This proxy is used by a group of users that really need fast connection.

I have other proxies ProxyB & ProxyC ==> connects to Internet via a slower connection "InetSlow"
These proxies are used by the rest of the staff.

I configured them all as siblings, with miss_access blocking MISS requests between them, e.g.

# Configuration snippet of ProxyA
cache_peer <ProxyB> sibling 3128 4827 htcp
cache_peer <ProxyC> sibling 3128 4827 htcp
acl siblings src <ProxyB>
acl siblings src <ProxyC>
miss_access deny siblings
miss_access allow all

ProxyB & ProxyC both has similar config.

( The aim is to 'assist' other staffers using InetSlow so that whatever has been retrieved by the InetFast users will be made available to the rest of the staffs )

Now, let's say there's this URL http://www.need-fast-inet.com/ that I want to be retrieved exclusively by ProxyA.

How would I configure the peering relationships?

If you can state the problem and the desired setup clearly in single-sentence steps you have usually described the individual config settings needed.

Is the URL allowed to be fetched by the slow users through proxyB into proxy A and then internet?



Amos



--
*Pandu E Poluan*
*Panin Sekuritas*
IT Manager / Operations & Audit
Phone : 	+62-21-515-3055 ext 135
Fax : 	+62-21-515-3061
Mobile : 	+62-856-8400-426
e-mail : pandu_poluan@xxxxxxxxxxxxxxxxxxxx <mailto:pandu_poluan@xxxxxxxxxxxxxxxxxxxx>

	
	
	
	
Y!M : 	hands0me_irc
MSN : 	si-ganteng@xxxxxxxx
GTalk : 	pandu.cakep@xxxxxxxxx


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux