On Thu, 22 Jul 2004, Merton Campbell Crockett wrote:
> Background:
>
> (1) Companies A, B, and C are working on a joint project.
> (2) Company A is the lead for the joint project and is responsible
> for maintaining a web-accessible database of information about
> the project that is accessible to all team members.
> (3) Private, dedicated links have been established between A, B,
> and C to allow access to the database.
> (4) The web server for the database is only accessible through the
> private network connection and is not visible to the Internet.
> (5) Company B installs a Squid proxy server to provide restricted
> access to the web server at company A.
> (6) All HTTP requests for PROJECT.A.COM need to be forwarded to
> this Squid proxy server while all other HTTP requests for A.COM
> are forwarded to the default proxy server that provides Internet
> access.
>
> Using 2.4-STABLE7, this appeared to work when using cache_peer_domain.
> Under 2.5-STABLE6, the requests are always being routed to the default
> parent cache that provides access to the Internet.
>
> Which debug sections need to be enabled in the debug options to determine
> why the "right" proxy server is not being selected?
The solution to this problem was to set the "right" debug_option values.
After 'grep'ing the source code, I found that I needed 44,5 set to debug
the peer selection process.
With the right section and level specified, the problem was quickly
identified as a forward reference to an ACL. Hate when that happens!
There still seems to be an error in the peer selection algorithm. I had
initially defined the peer as a sibling.
cache_peer proxy.b.com sibling 8080 3130 allow-miss no-digest no-query
Then, I redefined it using neighbor_type_domain.
neigbor_type_domain proxy.b.com parent .project.a.com
I had expected this to force selection of the proxy.b.com as the peer.
The default parent continued to be selected over the peer that was
explicitly defined as a parent for the specified destination domain.
I had to add a cache_peer_access to explicitly deny the use of the default
proxy as a peer.
Merton Campbell Crockett
--
BEGIN: vcard
VERSION: 3.0
FN: Merton Campbell Crockett
ORG: General Dynamics Advanced Information Systems;
Intelligence and Exploitation Systems
N: Crockett;Merton;Campbell
EMAIL;TYPE=internet: [EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref: +1(805)497-5045
TEL;TYPE=work,fax: +1(805)497-5050
TEL;TYPE=cell,voice,msg: +1(805)377-6762
END: vcard
