[squid-users] select parent proxy based on ACL

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 6 13:54:48 UTC 2016

Comments inline, For the TL;DR skip to the bottom.

On 7/04/2016 1:14 a.m., Pascal Watteel wrote:
> Ok maybe it was't all clear.
> I live in Dubai. Our local ISP limits the bandwith per TCP connection
> when connections are made outside of the gulf.
> Don't ask me why, they just do.
> I have a fast 128Mbit link but as i'm limited to 4Mbit per TCP, the
> moment i download a file from a non local mirror it's slow.

That is very odd. Are you sure its not a problem created by some
partially broken hardware somewhere? if they are selling you 128Mbps it
should work (close to) full rate with 1 TCP connection as well as with many.
Perhapse you should try and talk to the ISP sysadmin to see if it is
intentional (if so why its done) or a bug in the network itself.

> Aria2c or Uget works perfect on my desktop but i wanted a solution that
> would work universal without any software on a pc.
> the solution is ranged downloads if the server supports it.
> This will make my download split in example 16 ranged byte gets -> 16
> TCP connections => 16X 4Mbit => descent download speed.

"descent" is the right word for it. Descent into network congestion for
your ISP. :-P

If they are doing their job well you will find that this type of
behaviour actually lowers your network performance and/or raises the
monetary cost. If you actually tested and found that 16x increase
happens then they are not doing their job well - or perhapse the 'limit'
is actually an artifact of the network structure rather than any imposed

If they are doing their job very badly you might find the same, only
everyone else using them has worse network experience too as the
congestion hits everyone.

> My solution was to write a python based proxy.
> https://github.com/intagger/paraproxio
> It does exaclty that but in a proxy form. 
> Anything that is not .iso .zip or other that you can define in the
> config will just be transparent. Anything that is defined will be split
> in segmented downloads and so downloaded faster on my ISP.
> Now i already have a Squid proxy in my network with a another Squid
> proxy parent in AWS.
> I use the proxy for local caching nothing fancy, But use the parent
> with an acl to send specific domains to the parent and so enable me to
> access sites without the need of a VPN.
> I now want to add my Python based proxy as another parent.
> However i have no option to tell squid what parent to use.
> I would like to create a regex acl in squid and someway tell squid to
> use parent proxy X for ACL_X and parent proxy Y for ACL Y.
> But i can only use the ACL to say direct or indirect.
> And use the proxy-peer-domain statement to choose the parent based on a
> domain or tld.
> so my question is how to make squid choose the parent based on an ACL.
> hope this explanes it better for you.
> what my parent does, is not important. It could be anyother parent
> proxy.

Okay. What you are wanting is definitely

I suggest you may also want to look into the Store-ID and collapsed
forwarding features in Squid if you have one that supports them. Both of
them allow Squid to de-duplicate requests for identical objects. If your
custom Range requests reach a Squid with collapsed forwarding enabled
that Squid might even de-duplicate them back into a single fetch (for
example in your ISPs network).


More information about the squid-users mailing list