Hi all, I'm writing for a small problem.
I have a squid instance (3.3.6) with differents parents:
cache_peer host11.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
cache_peer host12.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
cache_peer host21.domain.com parent 9090 0 proxy-only no-query
cache_peer host31.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
cache_peer host32.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
To route the requests to the right parent and to make acls I include external files (include .......file1.conf).
After all the inclusion and some other general settings (squid.conf) I close access to peers:
cache_peer_access host11.domain.com parent deny all
cache_peer_access host12.domain.com parent deny all
cache_peer_access host21.domain.com parent deny all
cache_peer_access host31.domain.com parent deny all
cache_peer_access host32.domain.com parent deny all
The includes files look like (just the allow part):
http_access allow srcservers1 todomains1
http_access allow srcservers2 todomains2
cache_peer_access host11.domain.com allow todomains1
cache_peer_access host12.domain.com allow todomains2
cache_peer_access host11.domain.com allow todomains1
cache_peer_access host12.domain.com allow todomains2
In general this solution work great but I've just found out that some rules doesn't work.
By debugging a little bit I've discovered the the problem is an include file (as the one just described) that use destination acls with IPs:
if todomains1 is something like "acl todomains1 dstdomain www.sample.com" the "cache_peer_access host11.domain.com allow todomains1" works correctly
if todomains1 is something like "acl toibmhmc dst 99.99.99.99" the "cache_peer_access host11.domain.com allow todomains1" doesn't work and all the directives of cache_peer_access that follows doesn't working.
Has someone any idea ?
Kind regards,
Daniel
Received on Fri Jul 05 2013 - 10:00:41 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 05 2013 - 12:00:11 MDT