RE: [squid-users] Reverse Proxy - order of cache_peer_access rules

From: Nick Duda <nduda_at_VistaPrint.com>
Date: Mon, 27 Jun 2011 13:30:32 +0000

I'm no pro at squid-cache, but I do run a handful of reverse proxies doing things similar to what you want. You might want to consider using url_regex? Maybe something along the lines of this:

http_port 80 accel defaultsite=www.example1.com vhost

cache_peer 10.0.0.3 parent 80 0 no-query originserver name=server3
cache_peer 10.0.0.1 parent 80 0 no-query originserver name=server1
cache_peer 10.0.0.2 parent 80 0 no-query originserver name=server2

acl site3 url_regex -I ^http://www.example1.com/?a=1&o=16188 ^http://www.example1.com/?a=1&o=16188
acl site1 url_regex -I ^http://www.example1.com
acl site2 url_regex -I ^http://www.example2.com

cache_peer_access server3 allow site3
cache_peer_access server1 allow site1
cache_peer_access server2 allow site2
cache_peer_access server3 deny all
cache_peer_access server1 deny all
cache_peer_access server2 deny all

http_access allow site3
http_access allow site1
http_access allow site2

- Nick

-----Original Message-----
From: Oskar Stolc [mailto:oskar.stolc_at_gmail.com]
Sent: Sunday, June 26, 2011 5:41 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Reverse Proxy - order of cache_peer_access rules

Hi,

I am trying to set up a Squid reverse proxy, but it does not want to work according my expectations.

I am serving two sites:
- www.example1.com
- www.example2.com

I have 3 backend servers:
- 10.0.0.1
- 10.0.0.2
- 10.0.0.3

I want Squid to send the
- www.example1.com queries to server 10.0.0.1
- www.example2.com queries to server 10.0.0.2
- if the query contains an o=16188 HTTP parameter I want Squid to send it to 10.0.0.3 regardless of domain

Example:
- http://www.example1.com/?a=1&b=2 - goes to 10.0.0.1
- http://www.example2.com/?a=1&b=2 - goes to 10.0.0.2
- http://www.example1.com/?a=1&o=16188 - goes to 10.0.0.3
- http://www.example2.com/?a=1&o=16188 - goes to 10.0.0.3

My configuration looks like this:

acl site1 dstdomain www.example1.com
acl site2 dstdomain www.example2.com

acl ocode_param urlpath_regex o=16188

http_access allow site1
http_access allow site2

http_port 80 accel defaultsite=www.example1.com vhost

cache_peer 10.0.0.1 parent 80 0 no-query originserver name=server1 cache_peer 10.0.0.2 parent 80 0 no-query originserver name=server2 cache_peer 10.0.0.3 parent 80 0 no-query originserver name=server3

cache_peer_access server3 allow ocode_param

cache_peer_access server1 allow site1
cache_peer_access server2 allow site2

cache_peer_access server1 deny all
cache_peer_access server2 deny all
cache_peer_access server3 deny all

The problem is that the queries with o=16188 don't go to 10.0.0.3, but are routed to 10.0.0.1 or 10.0.0.2 instead (based on domain). Does it mean the cache_peer_access rules are not "first match first win"
rules? Should I re-order them? How?

I've tried this on Squid 2.6 on CentOS5.6 and Squid 3.1 on Fedora15, both behave the same.

Please help, any suggestions appreciated.

Thanks,
Oskar
Received on Mon Jun 27 2011 - 13:30:43 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 27 2011 - 12:00:02 MDT