Isaac Witmer wrote:
Sorry, I did a bad job of explaining.
I had SquidGuard as a url_rewrite_program redirecting all Ubuntu
Repository links to 10.42.43.1:9999, (the local net IP).
So Apt-proxy (working off this port) was doing the caching, and squid
shouldn't be. (in the case of a corrupt file getting cached, it would
only be in one place, instead of both)
After looking in the cache.log file with debug_options All,3
2010/02/04 13:51:28.288| ACLChecklist::preCheck: 0x85f8fb0 checking
'cache deny ubuntu_repo'
2010/02/04 13:51:28.288| ACLList::matches: checking ubuntu_repo
2010/02/04 13:51:28.288| ACL::checklistMatches: checking 'ubuntu_repo'
2010/02/04 13:51:28.289| aclMatchDomainList: checking '10.42.43.1'
2010/02/04 13:51:28.289| aclMatchDomainList: '10.42.43.1' NOT found
It turns out that I needed one extra 'cache deny' rule in this case. I
don't understand it entirely but it seems adding a cache deny rule for
"localnet" (which was already defined for my local area network) also
helped to blacklist the 10.42.43.1 ip address.
-Isaac
Ah. Okay.
(I assume 10.42.43.1:9999 is the apt-proxy address and listening port?)
What you need to do is drop the redirector and the special cache deny.
And replace it with this:
cache_peer 10.42.43.1 parent 9999 0 no-query proxy-only name=apt
acl ubuntu dstdomain archive.ubuntu.com archive.canonical.com
security.ubuntu.com ke.archive.ubuntu.com
cache_peer_access apt allow ubuntu
cache_peer_access apt deny all
never_direct allow ubuntu
NP: the "proxy-only" option is equivalent to "cache deny" but only
affects objects successfully fetched through the peer proxy.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
Current Beta Squid 3.1.0.16
