Isaac Witmer wrote:
> Sorry, I did a bad job of explaining.
> I had SquidGuard as a url_rewrite_program redirecting all Ubuntu
> Repository links to 10.42.43.1:9999, (the local net IP).
> So Apt-proxy (working off this port) was doing the caching, and squid
> shouldn't be. (in the case of a corrupt file getting cached, it would
> only be in one place, instead of both)
>
> After looking in the cache.log file with debug_options All,3
> 2010/02/04 13:51:28.288| ACLChecklist::preCheck: 0x85f8fb0 checking
> 'cache deny ubuntu_repo'
> 2010/02/04 13:51:28.288| ACLList::matches: checking ubuntu_repo
> 2010/02/04 13:51:28.288| ACL::checklistMatches: checking 'ubuntu_repo'
> 2010/02/04 13:51:28.289| aclMatchDomainList: checking '10.42.43.1'
> 2010/02/04 13:51:28.289| aclMatchDomainList: '10.42.43.1' NOT found
>
> It turns out that I needed one extra 'cache deny' rule in this case. I
> don't understand it entirely but it seems adding a cache deny rule for
> "localnet" (which was already defined for my local area network) also
> helped to blacklist the 10.42.43.1 ip address.
>
> -Isaac
Ah. Okay.
(I assume 10.42.43.1:9999 is the apt-proxy address and listening port?)
What you need to do is drop the redirector and the special cache deny.
And replace it with this:
cache_peer 10.42.43.1 parent 9999 0 no-query proxy-only name=apt
acl ubuntu dstdomain archive.ubuntu.com archive.canonical.com
security.ubuntu.com ke.archive.ubuntu.com
cache_peer_access apt allow ubuntu
cache_peer_access apt deny all
never_direct allow ubuntu
NP: the "proxy-only" option is equivalent to "cache deny" but only
affects objects successfully fetched through the peer proxy.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16Received on Thu Feb 04 2010 - 12:41:50 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 12:00:04 MST