On 15/07/11 03:05, niemidc wrote:
One more thing -- I'm using nf-hipac so iptables is not present. I've
configured with --disable-linux-netfilter, but see this message on every
request:
kid1| WARNING: transparent proxying not supported
The actual caching process is working fine without NAT, is there a way to
suppress this message through config?
Should only be happening if the "intercept" option is configured on the
receiving http(s)_port and NAT is disabled. Handling NAT traffic without
correct details from the system NAT tables means everything you are
logging about the visitors is lies. Sure, the visitor gets valid info
back, but you still don't know exactly who they were.
If you don't have intercept set on the arrival http_port that is a bug
we need to get fixed.
As for mixing items in memory cache, I've now remembered this is why I have
the acl like this "cache_peer_access server3333 deny !www3333". In my
testing this seemed to preclude requests getting to the wrong cache item.
But it is all far from simple, I'd love to hear a more streamlined way to do
it.
That is the correct way to configure it. If, as you are, managing
hundreds in the one config you can use some tricks with the include
directive now. On linux it cam grok a whole folder worth of config files
and load them.
/etc/squid/squid.conf:
...
http_access deny CONNECT !SSL_Ports
include /etc/squid/peers/*
http_access deny all
Each one of the files under /etc/squid/peers/ can have an auto-generated
snippet of config relevant to that peer. ie http_port + cache_peer + acl
+ cache_peer_access + http_access.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.9
