I'm not convinced I have peering configured correctly. Here is my environment: These are internal specialized squid servers for serving internal web sites/deliverables. The main squid server at corporate is intended to accelerate a few sites. At corporate, we have 4 squid servers fronted by haproxy to load balance them. We have ACL's setup so that by default everything goes to the download web servers, but a few specific url's get proxied to some other servers. What I'm unsure about is whether the ACL's are preventing the cache_peer squid1-4 directives from being actually used... http_port 80 defaultsite=squid http_port 8081 defaultsite=squid icp_port 3130 cache_peer download1 parent 80 0 no-query originserver name=download1 round-robin connect-fail-limit=1 cache_peer download2 parent 80 0 no-query originserver name=download2 round-robin connect-fail-limit=1 cache_peer download3 parent 80 0 no-query originserver name=download3 round-robin connect-fail-limit=1 cache_peer maven-repo parent 8081 0 no-query originserver name=mavenrepo cache_peer foo parent 80 0 no-query originserver name=foo cache_peer squid1 sibling 80 3130 proxy-only name=squid1 cache_peer squid2 sibling 80 3130 proxy-only name=squid2 cache_peer squid3 sibling 80 3130 proxy-only name=squid3 cache_peer squid4 sibling 80 3130 proxy-only name=squid4 http_access allow all acl mavenpath urlpath_regex ^/artifactory acl mavenpath urlpath_regex ^/nexus acl mavenport myport 8081 acl foopath urlpath_regex ^/foo-packages cache_peer_access download1 deny mavenport cache_peer_access download2 deny mavenport cache_peer_access download3 deny mavenport cache_peer_access download1 deny mavenpath cache_peer_access download2 deny mavenpath cache_peer_access download3 deny mavenpath cache_peer_access download1 deny foopath cache_peer_access download2 deny foopath cache_peer_access download3 deny foopath # Only allow mavenpath and maven port to go to maven cache_peer_access mavenrepo allow mavenpath cache_peer_access mavenrepo allow mavenport cache_peer_access mavenrepo deny all # Only allow foopath to go to foo cache_peer_access foo allow foopath cache_peer_access foo deny all We have another setup for remote sites that have their own squid server. Currently these point to the download servers at corporate, but I'd also like them to peer with the four squid servers configured as above. This is what I currently have: http_port 3128 defaultsite=squid http_port 80 defaultsite=squid http_port 8081 defaultsite=squid # download is actually a round robin dns for download1,2,3 cache_peer download parent 80 0 no-query originserver name=download cache_peer maven-repo parent 8081 0 no-query originserver name=mavenrepo visible_hostname squid cache_peer squid1 sibling 80 3130 name=squid1 cache_peer squid2 sibling 80 3130 name=squid2 cache_peer squid3 sibling 80 3130 name=squid3 cache_peer squid4 sibling 80 3130 name=squid4 acl all src 0.0.0.0/0.0.0.0 http_access allow all acl maven urlpath_regex ^/artifactory ^/nexus acl mavenport myport 8081 cache_peer_access download deny maven cache_peer_access download deny mavenport cache_peer_access mavenrepo allow maven cache_peer_access mavenrepo allow mavenport cache_peer_access mavenrepo deny all What I'm concerned about is that when I tested a remote server I couldn't find evidence of it peering with the corporate squid server to pull a file -- and I'm wondering if my ACL's are somehow preventing the sibling peer relationship from being used for 'download' The corporate server is running 3.1.9 and the remotes are running 2.6.STABLE6
