Re: cache_peer_? setting for internal peer

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 14 Jan 1999 07:20:57 +0100

Andrew S. Howell wrote:

> acl tibco-dst dst 160.101.0.0/255.255.0.0

Here is your problem. This is only true in a peer_access line if Squid
already knows the IP address. It can't stop to lookup a unknown IP
address. When peer_access encounters a unknown host it continues as if
the IP address is not found, and then queues a lookup for future
references. One way to get around this is to force Squid into looking up
the IP address during http_access processing.

acl all_dst dst 0.0.0.0/0
http_access deny !all_dst

should do the trick for most hosts, but there will still be some rare
race conditions when hosts expires from squids internal IP cache during
processing of a request to that host.

> I tried changing:
>
> cache_peer_access tickle deny tibco-dst
> to
> cache_peer_access tickle deny tibco-dst reuters-regex

You probably want
  cache_peer_access tickle deny tibco-dst
  cache_peer_access tickle deny reuters-regex

If you list multiple ACLs on the same line then they are anded, so your
line says "deny if it matches both tibco-dst and reuters-regex", and as
tibco-dst is unreliable when used in cache_peer_access then...

> Henrik> 2: single_parent before non-hierarchical check.
>
> Does non-hierarchial mean to a SIBLING cache?

No, it means those requests Squid normally would try to go direct on
because there is no (or little) point in traversing a hierarchy of
caches for these request. Such requests include:
  * PUT/POST requests
  * Pragma: no-cache requests (reload).
and some other. Didn't I write a description of what's non-hirarchical
in the same message?

> Is this why I am seeing AclMatchIP failing for hosts that I can find
> with nslookup?

If these AclMatchIP calls is in cache_peer_access then yes. They should
succeed on later requests as Squid queues a lookup when the address is
not known (cached).

> That what I am trying to get to. What does force squid to use a
> particular peer. From the acl's, cache_peer_xxx etc, it all seems like
> it sould be so simple to do what I want, but I have yet to be able to
> figure it out.

The closest to forcing Squid into selecting a given peer is to deny the
URL from all other peers.

> minor patch to debugArg in debug.c to allow you to give a list of
> debug sections and levels. ALL is just too much information. One level

This is already possible.

debug_options ALL,1 44,3 28,3

should do what you want without the need to change any code, and I am
pretty sure it works as I have used it a number of times.

---
Henrik Nordstrom
Spare time Squid hacker
Received on Thu Jan 14 1999 - 00:02:07 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:01 MST