Re: squid doesn't use my never_direct and always_direct rule why ?

On Mon, 20 Jul 2009 20:25:34 -0300, "Soporte Técnico @lemNet"
<soporte@xxxxxxxxxxxxxxx> wrote:
> I have an freebsd 7.0 box with squid 2.6 stable 16 running.
> 
> I have another box with freebsd 7.0 and same squid 2.6 running with another
> internet connection.
> 
> In the first squid i have the rules:
> 
> cache_peer ip_of_the_second_box parent 8080 3130 no-query default
> (working fine)
> 
> and the rules
> 
> acl nospeedygonzalez urlpath_regex -i .exe .zip .cab .rar .bin .com .gz
> .hqz 
> .image .mpg .mpeg .mov .qt .movie .moov .sit .sea .t
> ar .tiff .tif .z .7z .arj .sea .sitx .mds .iso .md5 .cue .ibp .ibq .tao
> 
> never_direct allow !nospeedygonzalez
> always_direct allow nospeedygonzalez

Reason #1 why we suggest people steer away from regex is that it's _SLOW_.

Also, note that these patterns will be evaluated at least twice for every
request.

Reason #2 why we suggest people stay away from regex is the fatal flaw you
have hit....

> 
> My idea is that all content in nospeedygonzalez always go direct (using my
> gateway) and all the content that there are not in nospeedygonzalez always
> use the default_parent that i have with another internet connection.
> 
> Well, when i see the access.log i can see this.
> 
> 1248131762.782    832 ip_of_the_second_box TCP_MISS/200 3432 GET http://images.metaservices.microsoft.com/cover/075/drh300/h307/h30764dz5c6.jpg? - DIRECT/65.54.93.146 image/jpeg
> 1248131764.082   2129 ip_of_the_second_box TCP_MISS/200 12398 GET http://images.metaservices.microsoft.com/cover/200/drh300/h307/h30764dz5c6.jpg?

The path contains a 'd' followed by a 'z':  matching pattern .z
Causing nospeedygonzalez to be true and always_direct to happen.

> - DIRECT/65.54.93.141 image/jpeg
> 1248131796.543    670 ip_of_the_second_box  TCP_MISS/304 246 GET http://www.folkloredelnorte.com.ar/images/thens2.jpg - DIRECT/64.136.20.58

The path contains a '/' followed by a 't':  matching pattern .t
The path contains a '/' followed by an 'image':  matching pattern .image
Causing nospeedygonzalez to be true and always_direct to happen.


... same for all the other lines you posted.

> 
> Same things for .gif and other extensions not included in nospeedygonzalez
> (that i want always came from parent server and no direct), i have no other
> rules in the squid.conf in conflict with this rules, squid seems no being
> applying my rules correctly.
> 
> Any idea ?

Your patterns are not matching file extensions. They are matching mid-way
down the path.

I changed your ".exe" pattern for my example; repeat for all the patterns you
have.

Dot in regex is a wildcard matching *any single character*.  Use \. to
match real dots in the URL.

   \.exe

Make it only match when at the end of the URL:
   \.exe$

or if you expect the URL sometimes to also have a ? followed by unknown
stuff:
   \.exe(\?.*)?$


NP: Filename text in URL is not as trustworthy as most people think. 
Consider using rep_mime_type ACL to match the actual reply object type. It
matches when websites do stuff like send an .exe as:
http://example.com/file.jpg?bwahaha or
http://example.com/download.php?bwahaha

Amos
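
The effect described in the reply above, as an added example that is not part of the original thread: it runs the unescaped patterns and the escaped, anchored form against the URLs from the posted access.log. Assumptions: Python's re module stands in for Squid's regex library, the ACL is taken to see the path plus query string, only a subset of the extension list is used, and the setup.exe URL is constructed.

```python
import re

# Subset of the extensions in the ACL quoted above (shortened for the example).
EXTENSIONS = ["exe", "zip", "rar", "gz", "image", "z", "7z", "iso"]

def url_path(url):
    """Everything after scheme://host: path plus any ?query (assumed ACL input)."""
    return re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", url, flags=re.IGNORECASE)

def build_acl(extensions, anchored):
    """Compile the patterns as originally written, or escaped and anchored."""
    if anchored:
        patterns = [r"\." + re.escape(e) + r"(\?.*)?$" for e in extensions]
    else:
        patterns = ["." + e for e in extensions]  # bare dot = any character
    return [re.compile(p, re.IGNORECASE) for p in patterns]  # -i in the ACL

def matches(acl, url):
    """Return the patterns in the ACL that match this URL's path."""
    path = url_path(url)
    return [p.pattern for p in acl if p.search(path)]

def route(acl, url):
    """Mirror the two rules: ACL match -> always_direct, otherwise -> parent."""
    return "DIRECT" if matches(acl, url) else "PARENT"

URLS = [
    # From the access.log in the thread
    "http://images.metaservices.microsoft.com/cover/075/drh300/h307/h30764dz5c6.jpg?",
    "http://www.folkloredelnorte.com.ar/images/thens2.jpg",
    # Constructed: a real download with a query string
    "http://example.com/setup.exe?mirror=1",
    # From the reply: the extension says jpg, the reply body may not be
    "http://example.com/file.jpg?bwahaha",
]

if __name__ == "__main__":
    loose = build_acl(EXTENSIONS, anchored=False)
    strict = build_acl(EXTENSIONS, anchored=True)
    for u in URLS:
        print(url_path(u))
        print("  as written:", route(loose, u), matches(loose, u))
        print("  anchored:  ", route(strict, u), matches(strict, u))
```

The last URL goes to the parent under both pattern sets; a URL-based ACL cannot tell what the reply actually contains, which is the case rep_mime_type is suggested for.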
