Configure squid 3.5 to use different parent proxies for different listening ports

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Configure squid 3.5 to use different parent proxies for different listening ports

Damir Bagapov
Hi,

I have following configuration:

# Squid normally listens to port 3128
http_port 3128

cache_peer proxy1_address parent proxy1_port 0 proxy-only default login=name1:pass1
never_direct allow all

And I need to configure squid in a way when all incoming requests to 3128 port will be redirected to proxy1 (as it works now), and all incoming requests to 3127 will be redirected to proxy2. Is it possible to do?


http_port 3128
http_port 3127

acl port_3128 port 3128
acl port_3127 port 3127

# 3128
cache_peer proxy01 parent 3128 0 no-query originserver name=proxy3128
cache_peer_access proxy3128 allow port_3128
cache_peer_access proxy3128 deny port_3127

# 3127 
cache_peer proxy02 parent 3128 0 no-query originserver name=proxy3127
cache_peer_access proxy3127 allow port_3127
cache_peer_access proxy3127 deny port_3128

But its not working =(

--
Best regards,
Damir

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Configure squid 3.5 to use different parent proxies for different listening ports

Alex Rousskov
On 02/20/2017 02:08 PM, Damir Bagapov wrote:

> I need to configure squid in a way when all incoming requests to
> 3128 port will be redirected to proxy1 (as it works now), and all
> incoming requests to 3127 will be redirected to proxy2.

> http_port 3128
> http_port 3127
>
> acl port_3128 port 3128
> acl port_3127 port 3127
>
> # 3128
> cache_peer proxy01 parent 3128 0 no-query originserver name=proxy3128
> cache_peer_access proxy3128 allow port_3128
> cache_peer_access proxy3128 deny port_3127
>
> # 3127
> cache_peer proxy02 parent 3128 0 no-query originserver name=proxy3127
> cache_peer_access proxy3127 allow port_3127
> cache_peer_access proxy3127 deny port_3128


You probably want to use the "myport" ACLs instead of the "port" ACLs
because you route based on the Squid listening port, not the origin
server listening port.

I hope you do not need those "deny" rules for cache_peer_access
directives because the default -- reverse the last action [for the same
peer] -- should work fine. If you want or need to have explicit deny
rules, use "deny all" to clarify the intent and avoid the "what if none
of the cache_peer_access rules match for a peer?" concerns.


HTH,

Alex.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Configure squid 3.5 to use different parent proxies for different listening ports

Damir Bagapov
Thanks for help, finally it seems to be working with following configuration

http_port 3128 name=port_3128
http_port 3127 name=port_3127

nonhierarchical_direct off

acl port_3128_acl myportname port_3128
acl port_3127_acl myportname port_3127

always_direct deny port_3128_acl
always_direct deny port_3127_acl

never_direct allow port_3128_acl
never_direct allow port_3127_acl

# 3128
cache_peer proxy1 parent 3128 0 proxy-only default  name=proxy3128
cache_peer_access proxy3128 allow port_3128_acl
cache_peer_access proxy3128 deny all

# 3127 
cache_peer proxy2 parent 3128 0 proxy-only default  name=proxy3127
cache_peer_access proxy3127 allow port_3127_acl
cache_peer_access proxy3127 deny all

For some reason 'no-query originserver' version didn't work, so I had to change it back to 'proxy-only default'

2017-02-20 23:26 GMT+02:00 Alex Rousskov <[hidden email]>:
On 02/20/2017 02:08 PM, Damir Bagapov wrote:

> I need to configure squid in a way when all incoming requests to
> 3128 port will be redirected to proxy1 (as it works now), and all
> incoming requests to 3127 will be redirected to proxy2.

> http_port 3128
> http_port 3127
>
> acl port_3128 port 3128
> acl port_3127 port 3127
>
> # 3128
> cache_peer proxy01 parent 3128 0 no-query originserver name=proxy3128
> cache_peer_access proxy3128 allow port_3128
> cache_peer_access proxy3128 deny port_3127
>
> # 3127
> cache_peer proxy02 parent 3128 0 no-query originserver name=proxy3127
> cache_peer_access proxy3127 allow port_3127
> cache_peer_access proxy3127 deny port_3128


You probably want to use the "myport" ACLs instead of the "port" ACLs
because you route based on the Squid listening port, not the origin
server listening port.

I hope you do not need those "deny" rules for cache_peer_access
directives because the default -- reverse the last action [for the same
peer] -- should work fine. If you want or need to have explicit deny
rules, use "deny all" to clarify the intent and avoid the "what if none
of the cache_peer_access rules match for a peer?" concerns.


HTH,

Alex.




--
Best regards,
Damir

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Configure squid 3.5 to use different parent proxies for different listening ports

Amos Jeffries
Administrator
On 21/02/2017 11:06 a.m., Damir Bagapov wrote:
>
> For some reason 'no-query originserver' version didn't work, so I had to
> change it back to 'proxy-only default'

HTTP has multiple different URI syntaxes for talking to proxies and
origin servers. The specific details can be found at:
<https://tools.ietf.org/html/rfc7230#section-5.3>

The 'originserver' option tells Squid to use the origin-form syntax
(among other origin-specific things) when talking to this peer.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...