On Wed, 15 Jun 2011 06:59:07 -0700, RM wrote:
I am using the myip ACL and the tcp_outgoing_address directive so
that
my Squid configuration can have multiple IP addresses like the
following (full configuration at the very end of message):
acl ip1 myip 1.1.1.1
acl ip2 myip 2.2.2.2
acl ip3 myip 3.3.3.3
tcp_outgoing_address 1.1.1.1 ip1
tcp_outgoing_address 2.2.2.2 ip2
tcp_outgoing_address 3.3.3.3 ip3
If I use proxy IP address 1.1.1.1 to visit www.website.com and then
use proxy IP address 2.2.2.2 to visit www.website.com less than 5
seconds later, both visits are recorded as 1.1.1.1. However, if I
wait
5+ seconds between using 1.1.1.1 and 2.2.2.2 to visit
www.website.com,
then www.website.com correctly records one hit from 1.1.1.1 and one
hit from 2.2.2.2.
Basically, I need to configure Squid so that if I use 1.1.1.1 and
then
2.2.2.2 to connect to www.website.com in a span of less than 5
seconds, each IP address is recoreded.
I'm guessing there is some timeout or similar configuration that I am
missing that is causing this. Can anyone point me in the right
direction?
HTTP/1.1 clients and servers will attempt to make their traffic use TCP
efficiently and re-use open connections.
Forcing a particular IP address with tcp_outgoing_address needs you to
disable server_persistent_connections in squid 3.1 and older.
http://www.squid-cache.org/Versions/v2/2.6/cfgman/server_persistent_connections.html
possibly also the client ones to prevent the browser re-using its own
TCP connections.
http://www.squid-cache.org/Versions/v2/2.6/cfgman/client_persistent_connections.html
I am using Squid 2.6.STABLE21 on CentOS 5.6.
Thanks in advance.
-Ron
---------
Full squid.conf configuration
---------
http_port 8080
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 1 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1 MB
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir aufs /squid/919191-919191 5 16 256
<snip>
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
"Proxy-Connection" is a non-standard header. Doing this breaks things
best left unbroken. Remove this line and use the persistence ON/OFF
controls mentioned above.
header_access Via deny all
header_access Cache-Control deny all
Nasty. Very nasty. Good thing you only have 6MB of cache storage. That
kind of prevents most of the object version collisions from being too
visible.
Removing Cache-Control leaves the QUERY ACL as your only protection
against a whole pile of strange side effects.
Oh, and the QUERY ACL is deprecated, you may want to remove it and
benefit from caching on modern websites.
/stuff to think about.
Amos
