Re: [SQU] Forwarding all requests for a particular domain to another proxy

From: Anders K. Pedersen <[email protected]>
Date: Sat, 12 Aug 2000 13:06:02 +0200

Henrik Nordstrom wrote:
> Anders K. Pedersen wrote:
> > cache_peer proxy1 sibling 3128 3130 proxy-only
> > neighbor_type_domain proxy1 parent .xyz.dk
> > acl xyz dstdomain .xyz.dk
> > never_direct allow xyz
> > prefer_direct off
> >
> > But this doesn't work - whenever I try to retrieve anything from xyz.dk
> > through proxy2, I get the following error:
>
> > Valid document was not found in the cache and only-if-cached
> > directive was specified.
>
> Smells like a bug. It would be nice to see the details of the request
> sent to proxy1 here. Can you enable log_mime_hdrs on proxy1?

Yes, requesting http://www.xyz.dk from proxy2 gives the following log
entries in the access log of proxy1:

966076869.369 0 IP_of_proxy2 UDP_MISS/000 42 ICP_QUERY
http://www.xyz.dk/ - NONE/- - [] []
966076869.372 1 IP_of_proxy2 TCP_MISS/504 1185 GET
http://www.xyz.dk/ - NONE/- - [User-Agent: Mozilla/4.73 %5ben%5d (Win98;
U)\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language:
da,en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\nVia: 1.0 proxy2:3128
(Squid/2.3.STABLE4)\r\nX-Forwarded-For: IP_of_client\r\nHost:
www.xyz.dk\r\nCache-Control: max-age=259200,
only-if-cached\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.0 504
Gateway Time-out\r\nServer: Squid/2.3.STABLE4\r\nMime-Version:
1.0\r\nDate: Sat, 12 Aug 2000 10:41:09 GMT\r\nContent-Type:
text/html\r\nContent-Length: 873\r\nExpires: Sat, 12 Aug 2000 10:41:09
GMT\r\nX-Squid-Error: ERR_ONLY_IF_CACHED_MISS 0\r\n\r]
966076869.375 0 IP_of_proxy2 TCP_MISS/504 1185 GET
http://www.xyz.dk/ - NONE/- - [User-Agent: Mozilla/4.73 %5ben%5d (Win98;
U)\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language:
da,en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\nVia: 1.0 proxy2:3128
(Squid/2.3.STABLE4)\r\nX-Forwarded-For: IP_of_client\r\nHost:
www.xyz.dk\r\nCache-Control: max-age=259200,
only-if-cached\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.0 504
Gateway Time-out\r\nServer: Squid/2.3.STABLE4\r\nMime-Version:
1.0\r\nDate: Sat, 12 Aug 2000 10:41:09 GMT\r\nContent-Type:
text/html\r\nContent-Length: 873\r\nExpires: Sat, 12 Aug 2000 10:41:09
GMT\r\nX-Squid-Error: ERR_ONLY_IF_CACHED_MISS 0\r\n\r]

> > If I change the cache_peer line to "cache_peer proxy1 parent 3128 3130
> > proxy-only" (and remove the neighbor_type_domain, acl, and never_direct
> > directives abov), all requests for xyz.dk is sent through proxy1, but so
> > are all other requests, and that is not what we want.
>
> See also the cache_peer_access option.
>
> You should still use the never_direct option to tell the first Squid
> that it cannot go directly to this domain.

OK.

> > Am I doing
> > something wrong, or is the neighbor_type_domain not working?
>
> The first setup should work, provided there are no other cache peers and
> that it is ok to use proxy1 as a sibling on other domains. If you have
> other peers then cache_peer_access should be used to make sure the other
> are not used for this domain.

There is another cache_peer, but I have disabled it during these tests,
and proxy2 uses proxy1 as a sibling for all other pages without any
problems. I'll play with the cache_peer_access directive, when I get
this part running.

> Most often when conditions like this are seen, the proxy for the domain
> (and only that one) should only be used for that domain and nothing
> else. In such case a setup solely based on cache_peer_access for peer
> selection and never_direct is more appropriate.
>
> You do not need the prefer_direct option when using never_direct.

Well, actually both proxies can retrieve pages from this site, but only
proxy1 has full access, so we prefer using the prefer_direct directive
over never_direct, so that we can still see all the non-privileged pages
in case proxy1 should be unavailable.

Thanks for your help so far.

Regards,
Anders K. Pedersen

-- 
The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to "Anders K. Pedersen" <akp@akp.dk>
Received on Sat Aug 12 2000 - 05:10:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:50 MST