On 12/22/21 11:29 AM, roee klinger wrote: > cache_peer 100.70.162.11 parent 16211 0 proxy-only default name=proxy16211 > cache_peer 100.70.162.12 parent 16212 0 proxy-only default name=proxy16212 > cache_peer 100.70.162.13 parent 16213 0 proxy-only default name=proxy16213 > acl peer_group_162 peername_regex -i proxy162.*\b > > Followed by: > cache_peer_access peer_group_162 allow admin162 According to documentation, the cache_peer_access directive requires a peer name (or a peer host name) as the second parameter. Your configuration is using a string "peer_group_162", which is not a name of any cache_peer. AFAICT, while you can use peername_regex to _match_ a group of cache_peers, you still have to name a specific peer as the second parameter of the cache_peer_access rule. That effectively defeats the purpose of using peername_regex in this case! It was wrong for me to point you in peername_regex direction. Your configuiration has to have at least one cache_peer_access rule for each cache_peer. Sorry, Alex. > but I got an error: > ERROR: /etc/squid/conf.d/admin_allow_peer.conf, line 4: No cache_peer > 'peer_group_162' > > Should I use http_access instead? I am not sure how to use it, because > peer_group_162 is an ACL, not a cache_peer. > > Also, is my regex entry correct? I am not sure if \b is supported, and > if I should add the -i flag or not. > > Thanks alot. > > On Wed, Dec 22, 2021 at 5:27 PM Alex Rousskov wrote: > > On 12/22/21 10:21 AM, roee klinger wrote: > > > I have a group of about 6 cache peers: > > > > cache_peer 100.70.162.11 parent 16211 0 proxy-only default > name=proxy16211 > > cache_peer 100.70.162.12 parent 16212 0 proxy-only default > name=proxy16212 > > cache_peer 100.70.162.13 parent 16213 0 proxy-only default > name=proxy16213 > > > > cache_peer 100.70.163.11 parent 16311 0 proxy-only default > name=proxy16311 > > cache_peer 100.70.163.12 parent 16312 0 proxy-only default > name=proxy16312 > > cache_peer 100.70.163.13 parent 16313 0 proxy-only default > name=proxy16313 > > > > > > I would like to allow user162_acl access only to the peers that ... > > have a name that starts with proxy162 > > According to documentation, a peername_regex ACL can do what you want. > > Alex. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> > http://lists.squid-cache.org/listinfo/squid-users > <http://lists.squid-cache.org/listinfo/squid-users> > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
