[squid-users] cache_peer_access directive problem from Hubeli Daniel on 2013-07-05 (squid-users)

From: Hubeli Daniel <Daniel.Hubeli_at_corner.ch>
Date: Fri, 5 Jul 2013 10:00:21 +0000

Hi all, I'm writing for a small problem.

I have a squid instance (3.3.6) with differents parents:
    cache_peer host11.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host12.domain.com parent 8084 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host21.domain.com parent 9090 0 proxy-only no-query
    cache_peer host31.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host32.domain.com parent 8080 0 proxy-only no-query sourcehash round-robin connect-timeout=10 connect-fail-limit=3

To route the requests to the right parent and to make acls I include external files (include .......file1.conf).

After all the inclusion and some other general settings (squid.conf) I close access to peers:
    cache_peer_access host11.domain.com parent deny all
    cache_peer_access host12.domain.com parent deny all
    cache_peer_access host21.domain.com parent deny all
    cache_peer_access host31.domain.com parent deny all
    cache_peer_access host32.domain.com parent deny all

The includes files look like (just the allow part):
    http_access allow srcservers1 todomains1
    http_access allow srcservers2 todomains2
    cache_peer_access host11.domain.com allow todomains1
    cache_peer_access host12.domain.com allow todomains2
    cache_peer_access host11.domain.com allow todomains1
    cache_peer_access host12.domain.com allow todomains2

In general this solution work great but I've just found out that some rules doesn't work.
By debugging a little bit I've discovered the the problem is an include file (as the one just described) that use destination acls with IPs:

if todomains1 is something like "acl todomains1 dstdomain www.sample.com" the "cache_peer_access host11.domain.com allow todomains1" works correctly
if todomains1 is something like "acl toibmhmc dst 99.99.99.99" the "cache_peer_access host11.domain.com allow todomains1" doesn't work and all the directives of cache_peer_access that follows doesn't working.

Has someone any idea ?

Kind regards,
Daniel
Received on Fri Jul 05 2013 - 10:00:41 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 05 2013 - 12:00:11 MDT