On Thu, 22 Jul 2004, Merton Campbell Crockett wrote:
> Background:
>
> (1) Companies A, B, and C are working on a joint project.
> (2) Company A is the lead for the joint project and is responsible
> for maintaining a web-accessible database of information about
> the project that is accessible to all team members.
> (3) Private, dedicated links have been established between A, B,
> and C to allow access to the database.
> (4) The web server for the database is only accessible through the
> private network connection and is not visible to the Internet.
> (5) Company B installs a Squid proxy server to provide restricted
> access to the web server at company A.
> (6) All HTTP requests for PROJECT.A.COM need to be forwarded to
> this Squid proxy server while all other HTTP requests for A.COM
> are forwarded to the default proxy server that provides Internet
> access.
>
> Using 2.4-STABLE7, this appeared to work when using cache_peer_domain.
> Under 2.5-STABLE6, the requests are always being routed to the default
> parent cache that provides access to the Internet.
>
> Which debug sections need to be enabled in the debug options to determine
> why the "right" proxy server is not being selected?
The solution to this problem was to set the "right" debug_option values.
After 'grep'ing the source code, I found that I needed 44,5 set to debug
the peer selection process.
With the right section and level specified, the problem was quickly
identified as a forward reference to an ACL. Hate when that happens!
There still seems to be an error in the peer selection algorithm. I had
initially defined the peer as a sibling.
cache_peer proxy.b.com sibling 8080 3130 allow-miss no-digest no-query
Then, I redefined it using neighbor_type_domain.
neigbor_type_domain proxy.b.com parent .project.a.com
I had expected this to force selection of the proxy.b.com as the peer.
The default parent continued to be selected over the peer that was
explicitly defined as a parent for the specified destination domain.
I had to add a cache_peer_access to explicitly deny the use of the default
proxy as a peer.
Merton Campbell Crockett
-- BEGIN: vcard VERSION: 3.0 FN: Merton Campbell Crockett ORG: General Dynamics Advanced Information Systems; Intelligence and Exploitation Systems N: Crockett;Merton;Campbell EMAIL;TYPE=internet: mcc@CATO.GD-AIS.COM TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=work,fax: +1(805)497-5050 TEL;TYPE=cell,voice,msg: +1(805)377-6762 END: vcardReceived on Thu Jul 22 2004 - 14:46:18 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT