Re: [squid-users] [squid-use​rs] Timeout Directives

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Jun 2011 12:13:01 +1200

 On Wed, 15 Jun 2011 06:59:07 -0700, RM wrote:
> I am using the myip ACL and the tcp_outgoing_address directive so
> that
> my Squid configuration can have multiple IP addresses like the
> following (full configuration at the very end of message):
>
> acl ip1 myip 1.1.1.1
> acl ip2 myip 2.2.2.2
> acl ip3 myip 3.3.3.3
> tcp_outgoing_address 1.1.1.1 ip1
> tcp_outgoing_address 2.2.2.2 ip2
> tcp_outgoing_address 3.3.3.3 ip3
>
> If I use proxy IP address 1.1.1.1 to visit www.website.com and then
> use proxy IP address 2.2.2.2 to visit www.website.com less than 5
> seconds later, both visits are recorded as 1.1.1.1. However, if I
> wait
> 5+ seconds between using 1.1.1.1 and 2.2.2.2 to visit
> www.website.com,
> then www.website.com correctly records one hit from 1.1.1.1 and one
> hit from 2.2.2.2.
>
> Basically, I need to configure Squid so that if I use 1.1.1.1 and
> then
> 2.2.2.2 to connect to www.website.com in a span of less than 5
> seconds, each IP address is recoreded.
>
> I'm guessing there is some timeout or similar configuration that I am
> missing that is causing this. Can anyone point me in the right
> direction?

 HTTP/1.1 clients and servers will attempt to make their traffic use TCP
 efficiently and re-use open connections.

 Forcing a particular IP address with tcp_outgoing_address needs you to
 disable server_persistent_connections in squid 3.1 and older.
 http://www.squid-cache.org/Versions/v2/2.6/cfgman/server_persistent_connections.html

 possibly also the client ones to prevent the browser re-using its own
 TCP connections.
 http://www.squid-cache.org/Versions/v2/2.6/cfgman/client_persistent_connections.html

>
> I am using Squid 2.6.STABLE21 on CentOS 5.6.
>
> Thanks in advance.
>
> -Ron
>
> ---------
> Full squid.conf configuration
> ---------
>
> http_port 8080
>
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> # OPTIONS WHICH AFFECT THE CACHE SIZE
> cache_mem 1 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 1 MB
> maximum_object_size_in_memory 50 KB
> cache_replacement_policy heap LFUDA
>
> # LOGFILE PATHNAMES AND CACHE DIRECTORIES
> cache_dir aufs /squid/919191-919191 5 16 256

 <snip>

> header_access X-Forwarded-For deny all
> header_access Proxy-Connection deny all

 "Proxy-Connection" is a non-standard header. Doing this breaks things
 best left unbroken. Remove this line and use the persistence ON/OFF
 controls mentioned above.

> header_access Via deny all
> header_access Cache-Control deny all

 Nasty. Very nasty. Good thing you only have 6MB of cache storage. That
 kind of prevents most of the object version collisions from being too
 visible.

 Removing Cache-Control leaves the QUERY ACL as your only protection
 against a whole pile of strange side effects.

 Oh, and the QUERY ACL is deprecated, you may want to remove it and
 benefit from caching on modern websites.

  /stuff to think about.

 Amos
Received on Thu Jun 16 2011 - 00:13:04 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 16 2011 - 12:00:02 MDT