Re: [squid-users] Proxy Selection Problem

From: Merton Campbell Crockett <mcc@dont-contact.us>
Date: Thu, 22 Jul 2004 13:45:30 -0700 (PDT)

On Thu, 22 Jul 2004, Merton Campbell Crockett wrote:

> Background:
>
> (1) Companies A, B, and C are working on a joint project.
> (2) Company A is the lead for the joint project and is responsible
> for maintaining a web-accessible database of information about
> the project that is accessible to all team members.
> (3) Private, dedicated links have been established between A, B,
> and C to allow access to the database.
> (4) The web server for the database is only accessible through the
> private network connection and is not visible to the Internet.
> (5) Company B installs a Squid proxy server to provide restricted
> access to the web server at company A.
> (6) All HTTP requests for PROJECT.A.COM need to be forwarded to
> this Squid proxy server while all other HTTP requests for A.COM
> are forwarded to the default proxy server that provides Internet
> access.
>
> Using 2.4-STABLE7, this appeared to work when using cache_peer_domain.
> Under 2.5-STABLE6, the requests are always being routed to the default
> parent cache that provides access to the Internet.
>
> Which debug sections need to be enabled in the debug options to determine
> why the "right" proxy server is not being selected?

The solution to this problem was to set the "right" debug_option values.
After 'grep'ing the source code, I found that I needed 44,5 set to debug
the peer selection process.

With the right section and level specified, the problem was quickly
identified as a forward reference to an ACL. Hate when that happens!

There still seems to be an error in the peer selection algorithm. I had
initially defined the peer as a sibling.

 cache_peer proxy.b.com sibling 8080 3130 allow-miss no-digest no-query

Then, I redefined it using neighbor_type_domain.

 neigbor_type_domain proxy.b.com parent .project.a.com

I had expected this to force selection of the proxy.b.com as the peer.
The default parent continued to be selected over the peer that was
explicitly defined as a parent for the specified destination domain.

I had to add a cache_peer_access to explicitly deny the use of the default
proxy as a peer.

Merton Campbell Crockett

-- 
BEGIN:				vcard
VERSION:			3.0
FN:				Merton Campbell Crockett
ORG:				General Dynamics Advanced Information Systems;
				Intelligence and Exploitation Systems
N:				Crockett;Merton;Campbell
EMAIL;TYPE=internet:		mcc@CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:	+1(805)497-5045
TEL;TYPE=work,fax:		+1(805)497-5050
TEL;TYPE=cell,voice,msg:	+1(805)377-6762
END:				vcard
Received on Thu Jul 22 2004 - 14:46:18 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT