Andrew S. Howell wrote:
> acl tibco-dst dst 160.101.0.0/255.255.0.0
Here is your problem. This is only true in a peer_access line if Squid
already knows the IP address. It can't stop to lookup a unknown IP
address. When peer_access encounters a unknown host it continues as if
the IP address is not found, and then queues a lookup for future
references. One way to get around this is to force Squid into looking up
the IP address during http_access processing.
acl all_dst dst 0.0.0.0/0
http_access deny !all_dst
should do the trick for most hosts, but there will still be some rare
race conditions when hosts expires from squids internal IP cache during
processing of a request to that host.
> I tried changing:
>
> cache_peer_access tickle deny tibco-dst
> to
> cache_peer_access tickle deny tibco-dst reuters-regex
You probably want
cache_peer_access tickle deny tibco-dst
cache_peer_access tickle deny reuters-regex
If you list multiple ACLs on the same line then they are anded, so your
line says "deny if it matches both tibco-dst and reuters-regex", and as
tibco-dst is unreliable when used in cache_peer_access then...
> Henrik> 2: single_parent before non-hierarchical check.
>
> Does non-hierarchial mean to a SIBLING cache?
No, it means those requests Squid normally would try to go direct on
because there is no (or little) point in traversing a hierarchy of
caches for these request. Such requests include:
* PUT/POST requests
* Pragma: no-cache requests (reload).
and some other. Didn't I write a description of what's non-hirarchical
in the same message?
> Is this why I am seeing AclMatchIP failing for hosts that I can find
> with nslookup?
If these AclMatchIP calls is in cache_peer_access then yes. They should
succeed on later requests as Squid queues a lookup when the address is
not known (cached).
> That what I am trying to get to. What does force squid to use a
> particular peer. From the acl's, cache_peer_xxx etc, it all seems like
> it sould be so simple to do what I want, but I have yet to be able to
> figure it out.
The closest to forcing Squid into selecting a given peer is to deny the
URL from all other peers.
> minor patch to debugArg in debug.c to allow you to give a list of
> debug sections and levels. ALL is just too much information. One level
This is already possible.
debug_options ALL,1 44,3 28,3
should do what you want without the need to change any code, and I am
pretty sure it works as I have used it a number of times.
--- Henrik Nordstrom Spare time Squid hackerReceived on Thu Jan 14 1999 - 00:02:07 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:01 MST