Search squid archive

Re: configuring squid to go directly in case of upstream proxies are down

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



you can do it using an external helper acl.
what i would do is a simple "heat beat" marker in a ramfs.
one loop that will run in the background and will check the status of the parent cache_peer every 30 secs or 60 secs and in a case of a failure to create a file in the ramfs\tmp that will indicate that the parent proxy is down.

two scripts are included for PROXY heartbeat check.

Eliezer

#external acl proxy state checker start:

#/bin/bash
#proxystatcheck.sh by Eliezer Croitoru
#you can use a ramfs/shm fs to lower the disk R\W access
while read url
do
if [ -a /tmp/proxy1.err ]
then
 echo ERR
else
 echo OK
fi
done

#external acl proxy state checker end

#proxy heart beat state checker start:

#/bin/bash
#proxyhb.sh
#heart beat state script by Eliezer Croitoru
#customize the locations and files names
#change the proxy address and test url
#the alive.html contains: <html><body><h1>It works!</h1></body></html>
#you can use a ramfs/shm fs to lower the disk R\W access

timestamp="$(date +%Y-%m-%d_%a_%H_%M)"
LOGFILE="/var/log/proxystat.log"
MARKER="/tmp/proxy1.err"
PROXYADD="http://127.0.0.1:3128/";
WORKSTAR="http://www1.ngtech.co.il/alive.html";
STATE="0"
echo "$timestamp starting proxy 127.0.0.1:3128 heartbeat">>$LOGFILE
if [ -a $MARKER ] ; then
   rm $MARKER
fi
while true;do

curl -s -x $PROXYADD $WORKSTAR|grep "works\!" >/dev/null 2>&1
TESTRES=$?
timestamp="$(date +%Y-%m-%d_%a_%H_%M)"
if [ $TESTRES == 0 ] && [ $STATE == 0 ]
then
      echo "$timestamp proxy still up" >>$LOGFILE

fi

if [ "$TESTRES" == 0 ] && [ "$STATE" == 1 ]
then
        rm $MARKER
        STATE="0"
        echo "$timestamp proxy got up" >>$LOGFILE

fi

if [ "$TESTRES" == 1 ] && [ "$STATE" == 0 ]
then
        touch $MARKER
        STATE="1"
        echo "$timestamp proxy got down">>$LOGFILE

fi

if [ "$TESTRES" == 1 ] && [ "$STATE" == 1 ]
then
        echo "$timestamp proxy down again">>$LOGFILE

fi

# debug options to see the last log and end progress of loop on stdout
#tail -1 $LOGFILE
#echo "$timestamp sleeping"

sleep 30
done

#proxy heart beat state checker end




On 30/05/2012 12:59, nipun_mlist Assam wrote:
Thanks Amos and Eliezer for the hints.

I could achieve my requirements by having some rules as below:

never_direct deny aclforclient_c1 #Here we allow direct access of
internet from squid if parent is down
never_direct allow aclforclient_c2 #Here squid drops the connection if
parent is down
never_direct allow all
always_direct deny all

Is there any way to make the "never_direct" rules aware of the parent
proxies (i.e. making parent proxy specific never_direct rules).



On Tue, May 29, 2012 at 6:13 PM, Eliezer Croitoru<eliezer@xxxxxxxxxxxx>  wrote:
On 29/05/2012 14:07, Amos Jeffries wrote:

On 29/05/2012 10:13 p.m., nipun_mlist Assam wrote:

Is there any way through which I can control traffic from only few
clients to connect directly to internet if the upstream parent proxies
are down.
For example, in an example configuration squid forwards traffic from
client C1 and C2 to parent proxy P.

HTTP traffic from client C1 and C2<--->  forwarding squid<--->  P<--->
cloud

If parent P is down I want C1's traffic to be sent directly to the
internet by squid, while for C2 the connection should be dropped by
squid.

"prefer_direct off" affects traffics from all the clients.
Is there any way to use a combination of "prefer_direct off" and
"never_direct allow all/ always_direct deny all" ?


never_direct and allow_direct are lists with multiple lines performing
if-else logic just like http_access.

Think about it like this: you said you want these clients to go direct
*sometimes*, so why are you setting them to *never* go direct? ("all"
matches everything).

prefer_direct determins whether the parent or DIRECT are *tried* first.
First route to succeed suplies the answer.

Amos

i can think of a never direct and always direct and using an external helper
that will determine if the client will match the category of never_direct or
always_direct.

Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer<at>  ngtech.co.il





--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux