
Cache_peer based on destination's geoip


 



Hello list,

Some medieval country that shall remain unnamed is blocking access to some specific websites, but the list of websites is huge, dynamic, and not public.

I have two proxy servers, one of which is located outside of this firewall, but access to this proxy server is slower than to the local one.

I would like to configure the local proxy to use a peer cache based on the geoip address of the destination.

If the required object belongs to a specific country then the request will go through the second proxy.

I know about the cache_peer_domain option, but I would like to use a geoip based solution.

So this is what I came up with:

external_acl_type GeoIP ttl=1 negative_ttl=1 children=1 concurrency=0 %DST /var/tmp/acl_geoip.pl
acl AclGeoIP external GeoIP
cache_peer 10.160.48.250 sibling 8080 0 name=external_proxy
cache_peer_access external_proxy allow AclGeoIP
cache_peer_access external_proxy deny all

/var/tmp/acl_geoip.pl is a dummy script that logs its input and returns "OK":

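#!/usr/bin/perl
# Log everything received from Squid to a per-process file.
open FD, ">/tmp/test.$$";
# Disable buffering on the log file and on STDOUT.
select FD;
$|=1;
select STDOUT;
$|=1;
print FD "Starting $0 with parameters: ".join(', ',@ARGV)."\n";

# One request per line from Squid; always answer "OK".
while (<STDIN>) {
    print FD $_;
    print "OK\n";
}
close FD;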

I can see the "Starting xxx with parameters xxx" in the log file, but nothing else is written.

This is what I get on the logs when visiting yahoo:

2009/10/26 16:08:10.776| FwdState::start() 'http://www.yahoo.com/'
2009/10/26 16:08:10.776| StoreEntry::lock: key '312257ED4F8C8AE02ABE51C413EC3927' count=2
2009/10/26 16:08:10.776| peerSelect: http://www.yahoo.com/
2009/10/26 16:08:10.776| StoreEntry::lock: key '312257ED4F8C8AE02ABE51C413EC3927' count=3
2009/10/26 16:08:10.776| peerSelectFoo: 'GET www.yahoo.com'
2009/10/26 16:08:10.776| peerCheckNetdbDirect: MY RTT = 0 msec
2009/10/26 16:08:10.776| peerCheckNetdbDirect: minimum_direct_rtt = 400 msec
2009/10/26 16:08:10.776| peerCheckNetdbDirect: MY hops = 0
2009/10/26 16:08:10.776| peerCheckNetdbDirect: minimum_direct_hops = 4
2009/10/26 16:08:10.776| whichPeer: from 0.0.0.0 port 0
2009/10/26 16:08:10.776| peerSelectFoo: direct = DIRECT_MAYBE
2009/10/26 16:08:10.776| peerDigestLookup: peer 10..160.48.250
2009/10/26 16:08:10.776| aclCheckFast: list: 0xb81bc748
2009/10/26 16:08:10.776| ACLChecklist::preCheck: 0xbfa30b24 checking 'cache_peer_access external_proxy allow AclGeoIP'
2009/10/26 16:08:10.776| ACLList::matches: checking AclGeoIP
2009/10/26 16:08:10.776| ACL::checklistMatches: checking 'AclGeoIP'
2009/10/26 16:08:10.776| aclMatchExternal: GeoIP("www.yahoo.com") = lookup needed
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": entry=@0, age=0
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": queueing a call.
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": return -1.
2009/10/26 16:08:10.776| ACL::ChecklistMatches: result for 'AclGeoIP' is -1
2009/10/26 16:08:10.776| ACLList::matches: result is false
2009/10/26 16:08:10.776| aclmatchAclList: 0xbfa30b24 returning false (AND list entry failed to match)
2009/10/26 16:08:10.776| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/10/26 16:08:10.776| ACLChecklist::preCheck: 0xbfa30b24 checking 'cache_peer_access external_proxy deny all'
2009/10/26 16:08:10.776| ACLList::matches: checking all
2009/10/26 16:08:10.776| ACL::checklistMatches: checking 'all'
2009/10/26 16:08:10.776| aclMatchIp: '172.16.10.10' found
2009/10/26 16:08:10.776| ACL::ChecklistMatches: result for 'all' is 1
2009/10/26 16:08:10.776| ACLList::matches: result is true

So the acl is evaluated, returns false, and the log file doesn't have any output.  How come?

Thanks for your help, and sorry for the long message.
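
An added example, not part of the original message: a Python counterpart of the dummy Perl helper above that actually makes the country decision, using the one-line-in, OK/ERR-out exchange that concurrency=0 implies. The range table, the country codes and the names verdict, country_of and VIA_PEER are constructed for illustration; a real helper would query a GeoIP database instead.

```python
#!/usr/bin/env python3
"""External ACL helper sketch: answer OK when %DST is in a listed country."""
import ipaddress
import socket
import sys

# Constructed sample table (documentation ranges, not real GeoIP data).
SAMPLE_RANGES = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("2001:db8::/32"), "AA"),
]
VIA_PEER = {"AA"}  # assumed policy: these countries go via the external proxy


def resolve(host):
    """Return every address the destination resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return [info[4][0] for info in infos]


def country_of(addr):
    """Map one address string to a country code, or None if unknown."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return next((code for net, code in SAMPLE_RANGES if ip in net), None)


def verdict(line, resolver=resolve):
    """Turn one request line from Squid (the %DST value) into OK or ERR."""
    fields = line.split()
    if not fields:
        return "ERR"  # malformed request: fail closed, do not use the peer
    # OK if any address of the destination falls in a listed country.
    hit = any(country_of(a) in VIA_PEER for a in resolver(fields[0]))
    return "OK" if hit else "ERR"


if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(verdict(request) + "\n")
        sys.stdout.flush()  # Squid waits on each reply, so never buffer
```

The log above shows cache_peer_access running under aclCheckFast, where the lookup is queued and the check returns -1 without waiting for the helper; Squid's documentation limits cache_peer_access to fast ACL types, so a helper like this only yields an answer in rules that wait for slow ACLs, such as http_access.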


      


