[squid-users] cache_peer_access directive problem

Fri, 05 Jul 2013 03:01:16 -0700 

Hi all, I'm writing for a small problem.
 
I have a squid instance (3.3.6) with differents parents:
    cache_peer host11.domain.com parent 8084 0 proxy-only no-query sourcehash 
round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host12.domain.com parent 8084 0 proxy-only no-query sourcehash 
round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host21.domain.com parent 9090 0 proxy-only no-query
    cache_peer host31.domain.com parent 8080 0 proxy-only no-query sourcehash 
round-robin connect-timeout=10 connect-fail-limit=3
    cache_peer host32.domain.com parent 8080 0 proxy-only no-query sourcehash 
round-robin connect-timeout=10 connect-fail-limit=3
 
To route the requests to the right parent and to make acls I include external 
files (include .......file1.conf). 
 
After all the inclusion and some other general settings (squid.conf) I close 
access to peers:
    cache_peer_access  host11.domain.com parent deny all
    cache_peer_access  host12.domain.com parent deny all
    cache_peer_access  host21.domain.com parent deny all
    cache_peer_access  host31.domain.com parent deny all
    cache_peer_access  host32.domain.com parent deny all
 
The includes files look like (just the allow part):
    http_access allow srcservers1 todomains1 
    http_access allow srcservers2 todomains2
    cache_peer_access host11.domain.com allow todomains1
    cache_peer_access host12.domain.com allow todomains2
    cache_peer_access host11.domain.com allow todomains1
    cache_peer_access host12.domain.com allow todomains2
 
In general this solution work great but I've just found out that some rules 
doesn't work.
By debugging a little bit I've discovered the the problem is an include file 
(as the one just described) that use destination acls with IPs:
 
if todomains1 is something like "acl todomains1 dstdomain www.sample.com" the 
"cache_peer_access host11.domain.com allow todomains1" works correctly
if todomains1 is something like "acl toibmhmc dst 99.99.99.99" the 
"cache_peer_access host11.domain.com allow todomains1" doesn't work and all the 
directives of cache_peer_access that follows doesn't working.
 
Has someone any idea ? 
 
Kind regards,
Daniel

Reply via email to