Henrik Nordstrom schrieb:
>
>
> On Mon, 13 Dec 2004, Daniel Graupner wrote:
>
>>> See Squid FAQ on how to use Squid inside a firewall.
>>
>>
>> I did, but in my testing environment there is no firewall at all.
>> Between cache, peer and hosts is no firewall. Please give me more hints.
>
>
> So your Squid which reported "Network unreachable" should be able to
> reach www.ibm.com without using any peer?
No, my squid is inside a local network so it can only reach webservers inside this network. To
access the internet (e.g. ibm.com) it has to use a peer which is also inside the network.
> Then this error indicates you have a basic network problem of some kind
> which prevents this Squid server from reaching the Internet proper.
> Quite likely missing routing.
Hmm, I don't think so. I'am able to reach ibm.com via squid and on the peer I see the query that
squid made. But at the time I have questionmarks in the url squid no longer queries the peer and
tries to go direct, which fails.
>> I read in the handbook that squid only goes direct when the peer is
>> assumed to be down. This should not happen with "default no-query" in
>> the cache peer directive.
>
> This is ONE case where Squid goes direct, the other is when using peers
> does not make sense in terms of hit ratio, and then there is also some
> other cases.
OK, I have to investigate why squid tries to go direct in my case.
> If your Squid is inside a firewall and not permitted to go direct you
> MUST tell this to Squid as per the instructions in the Squid FAQ.
thats what i'm doing:
acl homedst dst 192.168.0.0/24 127.0.0.1
acl alldst dst 0.0.0.0/0.0.0.0
cache_peer 192.168.0.1 parent 8080 3130 default no-query
cache_peer_access 192.168.0.1 deny homedst
cache_peer_access 192.168.0.1 allow alldst
> Squid goes direct on URLs with ? in then as it is instructed these URLs
> is not cacheable in the squid.conf shipped with Squid. See the no_cache
> directive, but note that it is more or less REQUIRED by the HTTP RFC to
> handle such URLs as uncacheable.
yes i have the (standard) no_cache directive in my squid.conf
> Squid does not log the query terms for security reasons, but it is only
> in the log where these are "missing". If you really want the query terms
> logged then see squid.conf.
K, I found the strip_query_terms directive, now its clear. For this one has to read the default
conf, it is not mentioned in the userguide nor faq ;-(
> If your Squid is not permitted to go direct then this must also be told,
> if not it assumes it is permitted to go direct when this would be
> "optimal" (in Squids opinion).
OK, I thought the cache_peer_access directives told squid when to go direct...but they also seem to
be an suggestion. With never_direct etc. it works for me.
I see, one has to be familiar with Inter-Cache-Communication to completely understand squids behaviour.
Thanks for your help, I should now be able to make it work now.
Regards,
Daniel.
Received on Mon Dec 13 2004 - 03:25:29 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST