On Wed, 15 Jun 2011 06:59:07 -0700, RM wrote:
> I am using the myip ACL and the tcp_outgoing_address directive so that
> my Squid configuration can have multiple IP addresses like the
> following (full configuration at the very end of message):
>
> acl ip1 myip 1.1.1.1
> acl ip2 myip 2.2.2.2
> acl ip3 myip 3.3.3.3
> tcp_outgoing_address 1.1.1.1 ip1
> tcp_outgoing_address 2.2.2.2 ip2
> tcp_outgoing_address 3.3.3.3 ip3
>
> If I use proxy IP address 1.1.1.1 to visit www.website.com and then
> use proxy IP address 2.2.2.2 to visit www.website.com less than 5
> seconds later, both visits are recorded as 1.1.1.1. However, if I wait
> 5+ seconds between using 1.1.1.1 and 2.2.2.2 to visit www.website.com,
> then www.website.com correctly records one hit from 1.1.1.1 and one
> hit from 2.2.2.2.
>
> Basically, I need to configure Squid so that if I use 1.1.1.1 and then
> 2.2.2.2 to connect to www.website.com in a span of less than 5
> seconds, each IP address is recorded.
>
> I'm guessing there is some timeout or similar configuration that I am
> missing that is causing this. Can anyone point me in the right
> direction?

HTTP/1.1 clients and servers will attempt to make their traffic use TCP
efficiently and re-use open connections.

Forcing a particular IP address with tcp_outgoing_address needs you to
disable server_persistent_connections in Squid 3.1 and older.
http://www.squid-cache.org/Versions/v2/2.6/cfgman/server_persistent_connections.html

Possibly also the client ones, to prevent the browser re-using its own
TCP connections.
http://www.squid-cache.org/Versions/v2/2.6/cfgman/client_persistent_connections.html

>
> I am using Squid 2.6.STABLE21 on CentOS 5.6.
>
> Thanks in advance.
>
> -Ron
>
> ---------
> Full squid.conf configuration
> ---------
>
> http_port 8080
>
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> # OPTIONS WHICH AFFECT THE CACHE SIZE
> cache_mem 1 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 1 MB
> maximum_object_size_in_memory 50 KB
> cache_replacement_policy heap LFUDA
>
> # LOGFILE PATHNAMES AND CACHE DIRECTORIES
> cache_dir aufs /squid/919191-919191 5 16 256
<snip>
> header_access X-Forwarded-For deny all
> header_access Proxy-Connection deny all
"Proxy-Connection" is a non-standard header. Doing this breaks things
best left unbroken. Remove this line and use the persistence ON/OFF
controls mentioned above.
> header_access Via deny all
> header_access Cache-Control deny all
Nasty. Very nasty. Good thing you only have 6MB of cache storage. That
kind of prevents most of the object version collisions from being too
visible.
Removing Cache-Control leaves the QUERY ACL as your only protection
against a whole pile of strange side effects.
Oh, and the QUERY ACL is deprecated, you may want to remove it and
benefit from caching on modern websites.
/stuff to think about.
Amos
Received on Thu Jun 16 2011 - 00:13:04 MDT
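
Added example, not part of the original message and not Squid project code: a small audit that checks a Squid 2.6-style squid.conf for the points raised in the reply above (ACL-selected tcp_outgoing_address while persistent connections are still on, and header_access rules that strip Proxy-Connection or Cache-Control). The function names and finding codes are hypothetical, and the sample configuration is constructed from lines quoted in the thread.

```python
# Constructed sample: a subset of the squid.conf lines quoted in the thread.
SAMPLE_CONF = """\
http_port 8080
acl ip1 myip 1.1.1.1
acl ip2 myip 2.2.2.2
tcp_outgoing_address 1.1.1.1 ip1
tcp_outgoing_address 2.2.2.2 ip2
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
header_access Cache-Control deny all
"""

def parse(conf):
    """Yield (directive, args) for each non-blank, non-comment line."""
    for line in conf.splitlines():
        words = line.split()
        if words and not words[0].startswith("#"):
            yield words[0], words[1:]

def audit(conf):
    """Return hypothetical finding codes, in a fixed order, for a config text."""
    pinned = False  # a tcp_outgoing_address line that is tied to an ACL
    toggles = {"server_persistent_connections": "on",   # Squid default
               "client_persistent_connections": "on"}   # Squid default
    denied = set()  # header names removed via "header_access <name> deny ..."
    for name, args in parse(conf):
        if name == "tcp_outgoing_address" and len(args) >= 2:
            pinned = True
        elif name in toggles and args:
            toggles[name] = args[0].lower()  # assumption: last value wins
        elif name == "header_access" and len(args) >= 2 and args[1] == "deny":
            denied.add(args[0].lower())
    findings = []
    # Reused server connections keep the source address they were opened with.
    if pinned and toggles["server_persistent_connections"] != "off":
        findings.append("server-persistence")
    # The reply lists the client side as a possible second change.
    if pinned and toggles["client_persistent_connections"] != "off":
        findings.append("client-persistence")
    if "proxy-connection" in denied:
        findings.append("proxy-connection-stripped")
    if "cache-control" in denied:
        findings.append("cache-control-stripped")
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(code)
```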