Re: [squid-users] Routeing to different upstream caches?

From: Steve Brown <[email protected]>
Date: Tue, 16 Nov 2004 11:04:56 +0000

Matus UHLAR - fantomas wrote:
> with acl.
>
> note that https can't be cached, so it has only value if:
> 1. your clients can't connect to the proxy1
> 2. your proxy can't connect to the internet
> (if both these are true)

Ok thanks. I probably didn't give enough detail originally.

I actually want to _always_ send http to Proxy1, and _always_ send httpS
requests to Proxy2.

The users connect to a downstream non-caching content-checking Proxy.
I'll have a go at an ascii diagram:

                     --------
             -------| Proxy2 |----------\ HTTPS
  ------ | -------- \------- -------------
| Inet |---+ | Squid |-----| non-caching |
  ------ | -------- /------- -------------
             -------| Proxy1 |----------/ HTTP |
                     -------- |
                                                           ---------
                                                          | Users |
                                                           ---------

Users are authenticated on the non-caching proxy which is a
content-checking box. It send requests to its upstream proxy - the Squid
cache - on a single port 80.

I need Squid to break out HTTPS traffic one way, and plain HTTP traffic
another way and _always_ feed each to a different upstream. Proxy 1 is
an active-code stripper and Proxy 2 SSL termination/content-checking box.

Can I still do this with an ACL and the peer_cache_access + url_regex?

I was thinking of something like:

acl http_traffic url_regex "^http://*"
acl ssl_traffic url_regex "^https://*"
cache_peer Proxy1.domain parent 80 0 no-query
cache_peer Proxy1.domain parent 80 0 no-query
cache_peer_access Proxy1.domain allow http_traffic
cache_peer_access Proxy2.domain allow ssl_traffic

-S
Received on Tue Nov 16 2004 - 04:05:08 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST