Re: [squid-users] cache_peer question
On 2013-11-06 03:43, Brendan Kearney wrote: I use: cache_peer peer.domain.tld sibling 31284827htcp=no-clr cache_peer 127.0.0.1parent 80807 no-query no-digest login=PASSTHRU ... always_direct allow ThisACL always_direct deny all ... never_direct deny ThisACL never_direct allow all always_direct will push the request without it going to the parent. never_direct will force the request to go to the parent. Small correction. never_direct allow simply blocks the local proxy connecting to the origin server via DNS lookups. This setup works because the parent is allowed to be used by the default cache_peer_access settings and FIRST_UP_PARENT algorithm is the default selection method for Squid (so the sibling does not get used as preferred peer). Amos
[squid-users] cache_peer question
I came across this where it forward all requests to another proxy cache_peer parentcache.foo.com parent 3128 0 no-query default never_direct allow all How can I deny all requests to use the parent proxy except for a specific domain. Everything else use the child. Thanks Monah
Re: [squid-users] cache_peer question
On Tue, 2013-11-05 at 08:31 -0500, Monah Baki wrote: I came across this where it forward all requests to another proxy cache_peer parentcache.foo.com parent 3128 0 no-query default never_direct allow all How can I deny all requests to use the parent proxy except for a specific domain. Everything else use the child. Thanks Monah I use: cache_peer peer.domain.tld sibling 31284827htcp=no-clr cache_peer 127.0.0.1parent 80807 no-query no-digest login=PASSTHRU ... always_direct allow ThisACL always_direct deny all ... never_direct deny ThisACL never_direct allow all always_direct will push the request without it going to the parent. never_direct will force the request to go to the parent.
Re: [squid-users] Cache_Peer Question (Newbie)
On 25.08.06 10:38, beno wrote: I must misunderstand something fundamental about cache_peer. Here is my line in squid.conf: cache_peer 202.71.106.119 parent 7080 2020 default no-query What I want to do is configure cache_peer to: * Receive requests from Pound (which it is...I get a Squid error page) * Send _all_ requests to port 7080 unless, of course, Squid has a cached page, which it can then serve. I have no need of ICP, so I don't know if that 2020 (which is the port Squid listens on) is necessary. I am perhaps mistaken in assuming that Squid is the parent in this relationship. The error page follows. you specify ICP port of a neighbour proxy server, only if you specify HTTP port of THE SAME NEIGHBOUR proxy server. use 0 better. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question!
[squid-users] Cache_Peer Question (Newbie)
Hi; I must misunderstand something fundamental about cache_peer. Here is my line in squid.conf: cache_peer 202.71.106.119 parent 7080 2020 default no-query What I want to do is configure cache_peer to: * Receive requests from Pound (which it is...I get a Squid error page) * Send _all_ requests to port 7080 unless, of course, Squid has a cached page, which it can then serve. I have no need of ICP, so I don't know if that 2020 (which is the port Squid listens on) is necessary. I am perhaps mistaken in assuming that Squid is the parent in this relationship. The error page follows. TIA, beno ERROR The requested URL could not be retrieved While trying to process the request: GET / HTTP/1.1 Host: 2012.vi User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache X-Forwarded-For: 200.88.97.74 The following error was encountered: * * Invalid Request * Some aspect of the HTTP Request is invalid. Possible problems: * Missing or unknown request method * Missing URL * Missing HTTP Identifier (HTTP/1.0) * Request is too large * Content-Length missing for POST or PUT requests * Illegal character in hostname; underscores are not allowed
Re: Fwd: [squid-users] Cache_Peer Question (Newbie)
Gonzalo Arana wrote: Hi, The request you posted is a request that should be addressed to a web server, not to a proxy server. Perhaps you want your squid to be an http accelerator? If this is the case, and if you are running squid 2.6 you should have something like: http_port 80 virtual I got a bungled line on that. I changed 80 to 2020, which is what squid is listening on. I have Pound before Squid, passing requests to the latter on port 2020. I have Zope behind Squid, so Squid needs to pass requests to port 7080 where Zope can receive them. This works, but of course I only tested it then changed it: http_access allow all That tells me the problem appears to be in my acl rules. Here is my latest effort: acl my_ip src 202.71.106.119 http_access allow my_ip localhost cache_peer_access 2012.vi allow my_ip localhost cache_peer_access 2012.vi deny all http_access deny all Here's some stuff from my access.log: 1156529358.559 0 202.71.106.119 TCP_DENIED/403 1438 GET http://shop.2012.vi/Jewels_Gems/Jewelry/mailto:[EMAIL PROTECTED] - NONE/- text/html 1156529359.183 0 202.71.106.119 TCP_DENIED/403 1398 GET http://shop.2012.vi/Jewels_Gems/Jewelry/ - NONE/- text/html 1156529386.843 0 202.71.106.119 TCP_DENIED/403 1428 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your.pt? - NONE/- text/html 1156529521.854 0 202.71.106.119 TCP_DENIED/403 1432 GET http://shop.2012.vi/Customer_Service/Contact_Us/Typos.pt? - NONE/- text/html 1156529656.926 0 202.71.106.119 TCP_DENIED/403 1470 GET http://shop.2012.vi/Customer_Service/Contact_Us/Comments_Concerning_Page.pt? - NONE/- text/html 1156529678.068 0 202.71.106.119 TCP_DENIED/403 1378 GET http://shop.2012.vi/robots.txt - NONE/- text/html 1156529678.662 0 202.71.106.119 TCP_DENIED/403 1420 GET http://shop.2012.vi/My_2012/Preferences/Sign_In.pt? - NONE/- text/html 1156529792.388 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html 1156529927.684 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html 1156530062.955 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html Surfing to the page gives me an Access Denied error, generated by Squid. Thanks for any help you can offer, beno
Re: Fwd: [squid-users] Cache_Peer Question (Newbie)
beno wrote: Gonzalo Arana wrote: Hi, The request you posted is a request that should be addressed to a web server, not to a proxy server. Perhaps you want your squid to be an http accelerator? If this is the case, and if you are running squid 2.6 you should have something like: http_port 80 virtual I got a bungled line on that. I changed 80 to 2020, which is what squid is listening on. I have Pound before Squid, passing requests to the latter on port 2020. I have Zope behind Squid, so Squid needs to pass requests to port 7080 where Zope can receive them. This works, but of course I only tested it then changed it: http_access allow all That tells me the problem appears to be in my acl rules. Here is my latest effort: acl my_ip src 202.71.106.119 http_access allow my_ip localhost This will never pass. Read up on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-af2c190759b099a7986221cd12a4066eb146a1c4) to see why. cache_peer_access 2012.vi allow my_ip localhost Same story here. cache_peer_access 2012.vi deny all http_access deny all Here's some stuff from my access.log: 1156529358.559 0 202.71.106.119 TCP_DENIED/403 1438 GET http://shop.2012.vi/Jewels_Gems/Jewelry/mailto:[EMAIL PROTECTED] - NONE/- text/html 1156529359.183 0 202.71.106.119 TCP_DENIED/403 1398 GET http://shop.2012.vi/Jewels_Gems/Jewelry/ - NONE/- text/html 1156529386.843 0 202.71.106.119 TCP_DENIED/403 1428 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your.pt? - NONE/- text/html 1156529521.854 0 202.71.106.119 TCP_DENIED/403 1432 GET http://shop.2012.vi/Customer_Service/Contact_Us/Typos.pt? - NONE/- text/html 1156529656.926 0 202.71.106.119 TCP_DENIED/403 1470 GET http://shop.2012.vi/Customer_Service/Contact_Us/Comments_Concerning_Page.pt? - NONE/- text/html 1156529678.068 0 202.71.106.119 TCP_DENIED/403 1378 GET http://shop.2012.vi/robots.txt - NONE/- text/html 1156529678.662 0 202.71.106.119 TCP_DENIED/403 1420 GET http://shop.2012.vi/My_2012/Preferences/Sign_In.pt? - NONE/- text/html 1156529792.388 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html 1156529927.684 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html 1156530062.955 0 202.71.106.119 TCP_DENIED/403 1440 GET http://shop.2012.vi/Divination/Tarot/Boxes_for_Your_Cards.pt? - NONE/- text/html Surfing to the page gives me an Access Denied error, generated by Squid. Thanks for any help you can offer, beno Chris
Re: Fwd: [squid-users] Cache_Peer Question (Newbie)
Chris Robertson wrote: acl my_ip src 202.71.106.119 http_access allow my_ip localhost This will never pass. Read up on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-af2c190759b099a7986221cd12a4066eb146a1c4) to see why. http_access allow my_ip http_access allow localhost cache_peer_access 2012.vi allow my_ip localhost Same story here. cache_peer_access 2012.vi allow my_ip cache_peer_access 2012.vi allow localhost It works now! Thanks! beno
RE: [squid-users] cache_peer question
- Add... - - acl extra_proxy dstdomain .bancodecurriculum.com.ar - never_direct allow extra_proxy - always_direct allow all Sorry, but does't work. :-( is very rare, because with linx http_proxy option work! - - -Original Message- - From: LinuXKiD [mailto:[EMAIL PROTECTED] - Sent: Thursday, August 18, 2005 2:26 PM - To: Squid - Subject: [squid-users] cache_peer question - - - Hi - - I've a small lan with a linux: - - - iproute2 - - iptables-1.3.1 - - kernel 2.4.28 - - squid 2.5stable 10 - - working as router - - I need to access to a web site: www.bancodecurriculum.com.ar - but, from my ISP link I can't. - - while my ISP fix that problem, I've found a free proxy (from - www.freeproxy.ru) - and with lynx, I can access it (setting that anther proxy on - /etc/lynx.cfg - http_proxy - ), without problem !! - - Next, I try to set my squid in order to all lan hosts can get - that url. - - Than I've set on /etc/squid/squid.conf: - - cache_peer XX.YY.ZZ.TT parent 3128 0 no-query default - #cache_peer_domain XX.YY.ZZ.TT .bancodecurriculum.com.ar - - But, I still can't access to website www.bancodecurriculum.com.ar - - I've tried also: - - echo 0 /proc/sys/net7ipv4/tcp_ecn - - - some body can help me ? - - bests. - andres. - - - - Add... - - acl extra_proxy dstdomain .bancodecurriculum.com.ar - never_direct allow extra_proxy - always_direct allow all - - ...to have your proxy only hit the parent proxy for that domain. - You probably don't want the extra latency for sites you can - reach normally. Be sure that you run squid -k reconfigure to - reload any squid.conf changes. - - Chris
RE: [squid-users] cache_peer question
-Original Message- From: LinuXKiD [mailto:[EMAIL PROTECTED] Sent: Friday, August 19, 2005 10:18 AM To: Squid Subject: RE: [squid-users] cache_peer question - Add... - - acl extra_proxy dstdomain .bancodecurriculum.com.ar - never_direct allow extra_proxy - always_direct allow all Sorry, but does't work. :-( is very rare, because with linx http_proxy option work! What does your access.log show when you try to access the www.bancodecurriculum.com.ar site? Chris
[squid-users] cache_peer question
Hi I've a small lan with a linux: - iproute2 - iptables-1.3.1 - kernel 2.4.28 - squid 2.5stable 10 - working as router I need to access to a web site: www.bancodecurriculum.com.ar but, from my ISP link I can't. while my ISP fix that problem, I've found a free proxy (from www.freeproxy.ru) and with lynx, I can access it (setting that anther proxy on /etc/lynx.cfg - http_proxy - ), without problem !! Next, I try to set my squid in order to all lan hosts can get that url. Than I've set on /etc/squid/squid.conf: cache_peer XX.YY.ZZ.TT parent 3128 0 no-query default #cache_peer_domain XX.YY.ZZ.TT .bancodecurriculum.com.ar But, I still can't access to website www.bancodecurriculum.com.ar I've tried also: echo 0 /proc/sys/net7ipv4/tcp_ecn some body can help me ? bests. andres. -- Andres Gregori Linux Support Services [EMAIL PROTECTED] 291 15 4041973
RE: [squid-users] cache_peer question
-Original Message- From: LinuXKiD [mailto:[EMAIL PROTECTED] Sent: Thursday, August 18, 2005 2:26 PM To: Squid Subject: [squid-users] cache_peer question Hi I've a small lan with a linux: - iproute2 - iptables-1.3.1 - kernel 2.4.28 - squid 2.5stable 10 - working as router I need to access to a web site: www.bancodecurriculum.com.ar but, from my ISP link I can't. while my ISP fix that problem, I've found a free proxy (from www.freeproxy.ru) and with lynx, I can access it (setting that anther proxy on /etc/lynx.cfg - http_proxy - ), without problem !! Next, I try to set my squid in order to all lan hosts can get that url. Than I've set on /etc/squid/squid.conf: cache_peer XX.YY.ZZ.TT parent 3128 0 no-query default #cache_peer_domain XX.YY.ZZ.TT .bancodecurriculum.com.ar But, I still can't access to website www.bancodecurriculum.com.ar I've tried also: echo 0 /proc/sys/net7ipv4/tcp_ecn some body can help me ? bests. andres. Add... acl extra_proxy dstdomain .bancodecurriculum.com.ar never_direct allow extra_proxy always_direct allow all ...to have your proxy only hit the parent proxy for that domain. You probably don't want the extra latency for sites you can reach normally. Be sure that you run squid -k reconfigure to reload any squid.conf changes. Chris
[squid-users] cache_peer question
hi list I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? any help in this regards will be greatly appreciated. regards
Re: [squid-users] cache_peer question
user carp and recompile squid using --enable-carp cache_peer parent-cache1 parent 3128 3130 no-query proxy-only carp-load-factor=.34 cache_peer parent-cache2 parent 3128 3130 no-query proxy-only carp-load-factor=.33 cache_peer parent-cache3 parent 3128 3130 no-query proxy-only carp-load-factor=.33 On 8/5/05, Askar [EMAIL PROTECTED] wrote: hi list I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? any help in this regards will be greatly appreciated. regards -- Syed Kashif Ali Bukhari Network Associate Asia Net Cell :- +92-345-4244813 , +92-300-4295604 Ph +92-42-111-111-202 Fax +92-42-5840905 MSN:- [EMAIL PROTECTED] ; [EMAIL PROTECTED] http://asia.net.pk , http://asiatec.biz
Re: [squid-users] cache_peer question
Kashif Ali Bukhari wrote: user carp and recompile squid using --enable-carp cache_peer parent-cache1 parent 3128 3130 no-query proxy-only carp-load-factor=.34 cache_peer parent-cache2 parent 3128 3130 no-query proxy-only carp-load-factor=.33 cache_peer parent-cache3 parent 3128 3130 no-query proxy-only carp-load-factor=.33 On 8/5/05, Askar [EMAIL PROTECTED] wrote: hi list I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? any help in this regards will be greatly appreciated. regards what about going wihtout carp ? like ... cache_peer parent-cache1 parent 3128 3130 round-robin no-query cache_peer parent-cache2 parent 3128 3130 round-robin no-query cache_peer parent-cache3 parent 3128 3130 round-robin no-query I thinks round-robin kinda cool in this case eh ? regards
Re: [squid-users] cache_peer question
On 05.08 11:16, Askar wrote: I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only why no-query? You should use no-query only for proxies that don't support ICP/HTCP. However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? the proxy-only is OK, but no-query is bad idea. I have 3 parents too: cache_peer proxy1.nextra.sk parent 3128 3130 proxy-only cache_peer proxy2.nextra.sk parent 3128 3130 proxy-only cache_peer proxy3.nextra.sk parent 3128 3130 proxy-only and logs show this: tux squid # grep /proxy1.nextra.sk access.log | wc -l 197122 tux squid # grep /proxy2.nextra.sk access.log | wc -l 188456 tux squid # grep /proxy3.nextra.sk access.log | wc -l 179851 looking at cache_peer docs: #use 'round-robin' to define a set of parents which #should be used in a round-robin fashion in the #absence of any ICP queries. I think that either enabling HTCP/ICP or adding round-robin would help you. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool.
Re: [squid-users] cache_peer question
On Fri, 5 Aug 2005, Askar wrote: I want to configure a cache server which have three parents. Do a child have more then on parent ? :) Most of us have two (father mother). cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. Then add round-robin to the list of options... secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? no-query disabled ICP. Not related to caching. proxy-only disables local caching of requests fetched from this peer. Regards Henrik
[squid-users] cache_peer question
I want all internal users to be able to access all 3 web servers in the dmz thru reverse proxy. with the following config only the first one works. When trying to access the other 2 sites it defaults back to the first address .2 cache_peer 10.x.y.2 parent 80 0 no-query originserver cache_peer 10.x.y.135 parent 80 0 no-query originserver cache_peer 10.x.y.139 parent 80 0 no-query originserver
Re: [squid-users] cache_peer question
On Mon, 23 Aug 2004, Rob O'Connor wrote: I want all internal users to be able to access all 3 web servers in the dmz thru reverse proxy. with the following config only the first one works. When trying to access the other 2 sites it defaults back to the first address .2 See cache_peer_acces (or if you prefer cache_peer_domain) Regards Henrik