Thanks a lot Amos! It was just perfect! With your examples I did manage to implement almost all I need. A last thing to implement this already. Is it possible to change the below port for the same port that user connected to this child squid? This way I would not have to use header to send information to the parent squid. Which would means to change all the incoming port route policy I already have in place and in production in several VPSs. Something like "transmit" the incoming port wherever it is, to this port field below using some wildcard. cache_peer 200.7.118.226 parent *4370* 0 no-query name=peerREDIRECT login=PASSTHRU Thanks a lot again! Marcelo. Message: 2 Date: Sat, 20 Aug 2022 22:57:47 +1200 From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Capture incoming information from one squid Message-ID: <3e733d49-6108-98d8-7ab5-cae4c2afe6e3@xxxxxxxxxxxxx> Content-Type: text/plain; charset=UTF-8; format=flowed On 20/08/22 11:20, Marcelo wrote: > 1- Is it possible to provide me with an example of squid.conf of both > parent and child squids? > > I am having very basic doubts about cache_peer and its very hard to > find complete squid.confs over the internet. > FWIW, *complete* squid.conf are usually useless because every network is different. What you actually want is the *pieces* that do what you need. > 2- cache-peer really routes the connection to the second squid server or > just look for a hit in a second server's cache? > I need the second server to not just authenticate the user, but to know from > which port the user got in the first squid server in order to forward this > user through different routes based on this incoming port number. cache_peer directive is just the settings for *how* to connect to a particular server. What URL format to use, whether to use TLS/SSL or not, any non-80/443 port to connect to, what/how to pass login credentials, etc. cache_peer_access determines what traffic can (or must) be sent on a TCP connection setup with a cache_peer's settings. To pass unusual data like the original client info you should add a Forwarded header with the relevant details. So, in your frontend proxy you have: # Special parent proxy for some traffic cache_peer ... name=X # which traffic to send to the special parent acl specials dstdomain ... never_direct allow specials cache_peer_access X allow specials cache_peer_access X deny all # markup the traffic with Forwarded details forwarded_for transparent request_header_add Forwarded "for=%>a;by=_%lp" specials In your backend Squid this ACL below matches the Forwarded header received there. Use it as necessary to decide your traffic handling: # match when frontend marked port X as receiving acl portX req_header Forwarded ;by=_X(,|$) HTH Amos ------------------------------ Subject: Digest Footer _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users ------------------------------ End of squid-users Digest, Vol 96, Issue 37 ******************************************* _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
