Re: [squid-users] SQUID port to port

From: Michael Alger <squid_at_mm.quex.org>
Date: Tue, 22 Jul 2008 23:44:02 +0800

On Tue, Jul 22, 2008 at 07:01:42AM -0700, elsergio wrote:
> I have been suggested this
>
>> http_port 80 81 #to make squid listen to the desired ports
>
> One per line.
>
> Do I have to do something like this?
>
> http_port 80
> acl all src 0.0.0.0/0.0.0.0
> always_direct allow all
> cache_peer ip1 parent 8080 0 no-query origin_server name=DS1
> cache_peer_access allow DS1
>
> http_port 81
> acl all src 0.0.0.0/0.0.0.0
> always_direct allow all
> cache_peer ip2 parent 8181 0 no-query origin_server name=DS2
> cache_peer_access allow DS2

No, the "one per line" remark was purely aimed at the http_port
thing; as in:

http_port 80
http_port 81

...other directives follow...

squid doesn't particularly care about the order of directives in the
configuration file, except you cannot refer to something you have
not yet defined. If it aids your understanding you can split the
http_port directives up and have settings which apply to each
directly following them, but that's not a requirement (and nor is it
usually particularly helpful in aiding understanding).

> I don't know if this is the way to determine that all the incoming
> requests to port 80 will go to ip1:8080 and the requests to port
> 81 will go to ip2:8181. Is this the way to do it?

Nope. As Amos said, you need to define ACLs which define which URLs
will be passed to each of your parents, and then assign these using
cache_peer_access. Have you read the documentation Amos directed you
to?

You need to define an ACL for your "DS1" server, e.g.

acl myport80 myport 80
cache_peer_access DS1 allow myport80
cache_peer_access DS1 deny all

(Note that you need to define the "all" ACL first, as you have done
in your example. Only define it once, though.)

Then repeat the process for "DS2":

acl myport81 myport 81
cache_peer_access DS2 allow myport81
cache_peer_access DS2 deny all

Note also that you don't want to use always_direct, as that tells
squid to bypass its cache_peers and connect directly to the origin
server which it finds by doing a DNS lookup.

Assuming you want to give your ACLs a more meaningful name, your
configuration will look something like this:

http_port 80
http_port 81
cache_peer ip1 parent 8080 0 no-query originserver name=DS1
cache_peer ip2 parent 8181 0 no-query originserver name=DS2

acl forDS1 myport 80
acl forDS2 myport 81
acl all src 0.0.0.0/0.0.0.0

cache_peer_access DS1 allow forDS1
cache_peer_access DS1 deny all
cache_peer_access DS2 allow forDS2
cache_peer_access DS2 deny all

Plus you'll have other elements from the default / recommended
configuration.

There are multiple ways of applying the access lists; the way I've
described above is what I usually prefer, but:

cache_peer_access DS1 deny !forDS1
cache_peer_access DS2 deny !forDS2

will do the same thing in fewer lines. Depends what you find easier
to understand yourself.
Received on Tue Jul 22 2008 - 15:44:07 MDT
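
The following is an added example, not part of the original message or of Squid itself: a simplified Python model of how Squid evaluates cache_peer_access lists (first matching rule wins; if none matches, the result is the opposite of the last rule), used to check that the two rule styles in the reply select the same peer for each listening port. It assumes Squid's documented argument order, `cache_peer_access <peer> allow|deny <acl>`, and models only the `myport` ACL type plus a match-everything `src` ACL; the function names are hypothetical.

```python
# Simplified model of Squid's cache_peer_access evaluation (illustrative only).

ACLS = """
acl forDS1 myport 80
acl forDS2 myport 81
acl all src 0.0.0.0/0.0.0.0
"""
EXPLICIT = ACLS + """
cache_peer_access DS1 allow forDS1
cache_peer_access DS1 deny all
cache_peer_access DS2 allow forDS2
cache_peer_access DS2 deny all
"""
NEGATED = ACLS + """
cache_peer_access DS1 deny !forDS1
cache_peer_access DS2 deny !forDS2
"""

def parse(conf):
    """Return (acls, rules); reject a rule that names an ACL not yet defined."""
    acls, rules = {}, {}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "acl":
            acls[words[1]] = (words[2], words[3])
        elif words[0] == "cache_peer_access":
            peer, action, names = words[1], words[2], words[3:]
            for name in names:
                if name.lstrip("!") not in acls:
                    raise ValueError(f"ACL {name} used before it is defined")
            rules.setdefault(peer, []).append((action, names))
    return acls, rules

def acl_matches(acls, name, port):
    kind, value = acls[name.lstrip("!")]
    # Assumption: the only src ACL here is 0.0.0.0/0.0.0.0, which matches everything.
    hit = kind == "src" or (kind == "myport" and int(value) == port)
    return hit != name.startswith("!")

def peer_allowed(acls, peer_rules, port):
    action = "deny"  # an empty list therefore allows the peer
    for action, names in peer_rules:
        if all(acl_matches(acls, n, port) for n in names):
            return action == "allow"      # first matching rule decides
    return action == "deny"               # no match: opposite of the last rule

def peers_for_port(conf, port):
    acls, rules = parse(conf)
    return sorted(p for p, r in rules.items() if peer_allowed(acls, r, port))
```

Calling `peers_for_port(NEGATED, 8080)` shows that a request arriving on a port covered by neither ACL is offered to no peer in either style.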
