On Wed, 4 Feb 1998, Bill Wichers wrote:
> > The question is how can I force Squid to fetch
> >
> > all ".fi" via DIRECT, and
> > all others via DEFAULT_PARENT?
> >
> > I have tried putting ".fi" and "fi" to inside_firewall, local_domains,
>
> If you aren't required to use a firewall, then you need only enter the
> line `cache_host_domain your.isps.parent.cache !.fi` in the squid.conf. IF
> you do have to use a firewall, then you'll need to put that line in the
> config file for your http firewall (probably with some translation if your
> firewall doesn't run squid :-). Squid has no control over how a firewall
> fetches objects for it. No one has implented source routing in cache
> protocols yet as far as I know ;-)
(BTW, the squid version is "Squid Cache: Version 1.1.20")
I don't quite understand this. I do have the cache_host_domain already as
you described, and firewall allows connections from the cache host (so
there's no http-gw in the firewall, the squid can fetch any object DIRECT
if it wants to). But:
886748379.941 8782 127.0.0.1 ERR_CANNOT_FETCH/400 919 GET http://www.fi/ - NO_DIRECT_FAIL/www.fi -
eg.
No peers to query and the host is beyond your firewall.
The problem really seems to be that there is a firewall, and I want it to
access any address inside the firewall DIRECT too (I didn't tell this in
the original mail, sorry), so the whole things should be like:
all ".fi" DIRECT
all "inside firewall" DIRECT
all others DEFAULT_PARENT
Okay, so I'm testing now the following configuration:
cache_host www-cache.eunet.fi parent 800 3130 no-query default
cache_host_domain www-cache.eunet.fi !.fi
and there are *no* inside_firewall, local_domain, local_ip or
firewall_ip defined. So, I try to access the following URLs (our local
address, a .fi address and an international address -- the file is
bogus to force squid to fetch it not from the cache), from access log:
886749652.883 7292 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/x - DIRECT/duuni.net text/html
886749663.819 8450 127.0.0.1 TCP_MISS/404 289 GET http://www.fi/x - DIRECT/www.fi text/html
886749680.265 7717 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/x - DIRECT/www.netscape.com text/html
(Why is squid using DIRECT when there is a default parent defined ??)
All are done DIRECT -- I would have expected that www.fi would have
been the only DIRECT and rest through DEFAULT_PARENT. By testing some
variants I can say that the problems is not with cache_host_domain (no
change in behaviour if I added .com or deleted the whole line). When I
added:
inside_firewall satama.com duuni.net ura.net hima.net tothepoint.fi
and I get:
886750402.720 7450 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/yy - DIRECT/duuni.net text/html
886750411.153 6995 127.0.0.1 TCP_MISS/200 1624 GET http://www.fi/yy - DEFAULT_PARENT/www-cache.eunet.fi text/html
886750420.068 8280 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/yy - DEFAULT_PARENT/www-cache.eunet.fi text/html
so, duuni.net which is listed in inside_firewall is fetched DIRECT as
it should, www.netscape.com is fetched from DEFAULT_PARENT but www.fi
isn't DIRECT. Back to the drawing board, I add the cache_host_domain
back:
cache_host_domain www-cache.eunet.fi !.fi
and the results:
886750540.088 9429 127.0.0.1 TCP_MISS/404 946 GET http://duuni.net/aa - DIRECT/duuni.net text/html
886750549.959 6250 127.0.0.1 ERR_CANNOT_FETCH/400 923 GET http://www.fi/aa - NO_DIRECT_FAIL/www.fi -
886750558.374 7756 127.0.0.1 TCP_MISS/404 350 GET http://www.netscape.com/aa - DEFAULT_PARENT/www-cache.eunet.fi text/html
duuni.net and www.netscape.com are correct, but now I get the ominous
No peers to query and the host is beyond your firewall.
for www.fi, so I have come the full circle back to the original
question I posted. I *really* do not understand what is going on here.
(I'll try an alternative approach, which works ok, but I'd like to know
how to get this done just with squid itself.)
-- santtu@iki.fi I have become death, destroyer of the worlds.Received on Fri Feb 06 1998 - 02:33:00 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST