Nope.
acl fastsites dstdomain 206.190.39.216
Still result in the "Unable to forward this request" error.
I'm a bit stumped here... how to prevent ProxyB and ProxyC from
forwarding that IP address?
Just FYI, here's a snippet of ProxyB's squid.conf:
# snippet of ProxyB squid.conf
#
# This is ProxyC
cache_peer 172.31.160.99 sibling 3128 4827 htcp
# And this is ProxyA
cache_peer 172.31.2.103 sibling 3128 4827 htcp weight=2 allow-miss
#
# ProxyA selectively becomes parent for these domains
neighbor_type_domain 172.31.2.103 parent .yahoo.com .yimg.com .yahooapis.com
neighbor_type_domain 172.31.2.103 parent .google.com .google.co.id
.gmail.com
#
acl fastsites dstdomain .yahoo.com
acl fastsites dstdomain .yimg.com
acl fastsites dstdomain .yahooapis.com
acl fastsites dstdomain .google.com
acl fastsites dstdomain .gmail.com
#
never_direct allow fastsites
As you can see, I don't specify 206.190.39.216 in never_direct or
neighbor_type_domain, but ProxyB still forwards requests to
206.190.39.216 toward ProxyA.
I'm not sure I want to put those addresses in always_direct ... beats
the purpose of Squid mesh (between ProxyB and ProxyC), IMO. But for the
life of me, I still can't figure out how to make ProxyA receive those
forwards.
Rgds.
[p]
Amos Jeffries wrote:
Pandu E Poluan wrote:
Hi all!
I've configured my proxies correctly, and now they work as expected.
* Requests to fast sites get forwarded to ProxyA, which uses FastInet
* Other requests gets handled directly by ProxyB and ProxyC, which
uses SlowInet
There's a problem, however, that recently cropped up.
I've added ".google.com" and "mail.yahoo.com" as a fast sites.
Accesses to Google and Yahoo Mail (mail.yahoo.com) gets accelerated,
as expected.
However, when trying to access the Google cache, apparently the URL
uses an IP address instead of a domain name, e.g. "72.14.192.66"
Same situation happened when accessing an attachment in Yahoo Mail,
it uses an IP address instead of domain name, e.g. "206.190.39.216"
I keep getting errors:
===== Error message snip =====
The following error was encountered:
* * Unable to forward this request at this time. *
This request could not be forwarded to the origin server or to any
parent caches. The most likely cause for this error is that:
* The cache administrator does not allow this cache to make direct
connections to origin servers, and
* All configured parent caches are currently unreachable.
===== Error message snip =====
I think ProxyB and ProxyC somehow performed a reverse DNS, and
forwards the IP-address-based requests to ProxyA, while ProxyA only
allows explicit URLs in its miss_access directive.
I've tried editing the ProxyA's squid.conf like follows:
#snippet of ProxyA squid.conf
acl fastsites dstdomain .yahoo.com
acl fastsites dstdomain .yimg.com
acl fastsites dstdomain .yahooapis.com
acl fastsites dstdomain .google.com
acl fastsites dstdomain .gmail.com
acl fastsites dstdomain 206.190.39.216
#
acl fastsites_ip dst 72.14.192.0/18
acl fastsites_ip dst 206.190.39.216
#
miss_access allow fastsites
miss_access allow fastsites_ip
miss_access deny siblings
But to no avail.
Any suggestions?
Does adding the IP-text "206.190.39.216" to the dstdomain ACL work?
Squid should try an exact text match before doing rDNS.
Otherwise you may be stuck with an url_regex pattern for those.
Amos
--
*Pandu E Poluan*
*Panin Sekuritas*
IT Manager / Operations & Audit
Phone : +62-21-515-3055 ext 135
Fax : +62-21-515-3061
Mobile : +62-856-8400-426
e-mail : pandu_poluan@xxxxxxxxxxxxxxxxxxxx
<mailto:pandu_poluan@xxxxxxxxxxxxxxxxxxxx>
Y!M : hands0me_irc
MSN : si-ganteng@xxxxxxxx
GTalk : pandu.cakep@xxxxxxxxx
