Sorry, the config file is a bit of a legacy of 5 people who have been touching the config in the past years.
So... I did what you said:
- removed "always_direct allow all"
- changed "via off" -> "via on"
- changed "icp_access deny all" -> "icp_access allow all"

I have a result as an empty white page in my browser, and nothing in the access.log.
Still no UDP_*_ or any sign of the servers talking to each other, but worse, because I don't even see myself accessing any site anymore.
Might something still be missing?

Thanks,
Tibby

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Wednesday, September 08, 2010 2:42 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: RE: Two squid servers to talk to each other before the internet

On 08/09/10 21:20, Tóth Tibor Péter wrote:
> Hi Amos!
> Here is my config file:
>
> http_port 8080
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

If you have a squid newer than 2.6.STABLE18 you can safely remove these QUERY lines. It will improve your hit rates a lot. The new refresh_pattern below replaces them.
hierarchy_stoplist is still needed up to squid 3.1. After that it can go too.

> acl apache rep_header Server ^Apache
>
> cache_peer ######THE_IP_OF_THE_SIBLING###### sibling 3128 3130
> #prefer_direct off
>
> cache_mem 1024 MB
> maximum_object_size 4096 KB
> minimum_object_size 0 KB
>
> cache_dir ufs /var/spool/squid3 75000 32 256
>
> error_directory /usr/share/squid3/errors/English
>
> logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
> access_log /var/log/squid3/access.log squid
> cache_store_log none
> logfile_rotate 1
>
> debug_options ALL,1
> cache_log syslog
>
> ftp_user ftp@
>
> hosts_file /etc/hosts
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

> refresh_pattern . 0 20% 4320
>
> httpd_suppress_version_string on
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255

acl localhost src 127.0.0.1

> acl to_localhost dst 127.0.0.0/8

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

> acl SSL_ports port 443 # https
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 80 # http
> acl Safe_ports port 880 # http
> acl Safe_ports port 443 # https
> acl Safe_ports port 1025-65535
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
>
> acl desktop-clients src 0.0.0.0/0

acl desktop-clients src all

... that is not good either way. "all" and the above numbers mean the entire Internet is one of your desktop-clients.

> acl denied-desktop-clients src ####SOME_IP_ADDRESS SOME_OTHER_IP AND_SOME_MORE_IP_ADDRESSES####
> acl denied-domains dstdom_regex -i "/etc/squid3/denied-hosts.acl"

If it's just domain names and wildcard sub-domains on that list, "dstdomain" is faster than "dstdom_regex".

>
> http_access deny denied-desktop-clients
> http_access deny denied-domains
> http_access allow desktop-clients
> http_access allow localhost
> http_access deny all
>
> http_reply_access allow all
>

You will need to permit ICP access between the siblings or they will not trade replies like you want. You will see a lot of UDP_*_MISS with icp access denied.

> icp_access deny all
> htcp_clr_access deny all
>
> htcp_access deny all
> miss_access allow all
>
> visible_hostname ####THE_HOSTNAME.DOMAIN_OF_THIS_HOST####
> via off

via is REQUIRED to be ON when linking proxies together like this. It's what prevents a single request looping around between your sibling proxies until all existing network sockets are used up.

> forwarded_for off
>
> cachemgr_passwd ####SOME_PASSWORD#### all
> always_direct allow all

There is your main problem. "always_direct" FORCES the proxy to ignore its sibling, not to even bother trying a lookup there. Remove this and you will start to see requests between them.

Amos

>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Tuesday, September 07, 2010 1:51 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: RE: Two squid servers to talk to each other before the internet
>
> On 07/09/10 22:49, Tóth Tibor Péter wrote:
>>> Is there a way to check if squids are talking to each other?
>>
>> The access.log of each proxy will contain entries for messages going to
>> and from the sibling.
>>
>> On a basic setup like you have so far, expect to see SIBLING hit/miss
>> codes sometimes. UDP_SIBLING_* are the ICP messages flowing between the
>> siblings as they check whether the other has an object. TCP_SIBLING_HIT
>> are the actual HTTP reply objects being fetched.
>>
>> Amos
>>
>> Hi Amos!
>>
>> I don't see anything inside of the access.log about the SIBLING. Could it be the log level somewhere? Or something is configured wrong?
>> In fact I only see logs starting with TCP_(MISS/200, REFRESH_UNMODIFIED, IMS_HIT/304, MEM_HIT/200, TCP_HIT/200, etc...) Nothing with UDP_
>>
>> What can be wrong?
>>
>> Tibby
>
> What does your squid.conf look like then?
>
>
> Amos

--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.8
  Beta testers wanted for 3.2.0.2
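
An added example, not part of the thread and not Squid project code: a small Python check that scans a squid.conf for the four settings flagged in the reply above ("always_direct allow all", "via off", "icp_access deny all" with a sibling configured, and a client ACL that covers every source address). The finding names, the audit() function and the sample config, including the placeholder sibling address 192.0.2.10, are constructed for illustration.

```python
# Constructed sample that mirrors the directives quoted in the thread;
# 192.0.2.10 is a documentation-range placeholder for the sibling's address.
SAMPLE_CONF = """\
http_port 8080
cache_peer 192.0.2.10 sibling 3128 3130
acl desktop-clients src 0.0.0.0/0
http_access allow desktop-clients
http_access deny all
icp_access deny all
via off
always_direct allow all
"""

OPEN_SRC = {"all", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}


def audit(conf_text):
    """Return sorted finding ids for the four problems raised in the thread."""
    # Tokenize each directive, dropping '#' comments and blank lines.
    rules = [t for t in (l.split("#", 1)[0].split() for l in conf_text.splitlines()) if t]
    has_sibling = any(r[0] == "cache_peer" and r[2:3] == ["sibling"] for r in rules)
    # ACL names whose src list covers every address ("all" is built in).
    open_acls = {"all"} | {r[1] for r in rules
                           if r[0] == "acl" and r[2:3] == ["src"] and OPEN_SRC & set(r[3:])}
    findings, icp_allowed = set(), False
    for r in rules:
        if r[:3] == ["always_direct", "allow", "all"]:
            findings.add("always_direct_all")   # sibling is never consulted
        elif r[:2] == ["via", "off"] and has_sibling:
            findings.add("via_off")             # no Via header, so loops go undetected
        elif r[:2] == ["icp_access", "allow"]:
            icp_allowed = True
        elif r[:3] == ["icp_access", "deny", "all"] and has_sibling and not icp_allowed:
            findings.add("icp_denied")          # sibling's ICP queries are refused
        elif r[:2] == ["http_access", "allow"] and open_acls & set(r[2:]):
            findings.add("open_client_acl")     # any source address may use the proxy
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

An "icp_access deny all" that follows an "icp_access allow" rule is treated as the normal closing rule and is not reported.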