[squid-users] Configure squid 3.5 to use different parent proxies for different listening ports

Damir Bagapov damir.k.bagapov at gmail.com
Mon Feb 20 22:06:36 UTC 2017


Thanks for help, finally it seems to be working with following configuration

http_port 3128 name=port_3128
http_port 3127 name=port_3127

nonhierarchical_direct off

acl port_3128_acl myportname port_3128
acl port_3127_acl myportname port_3127

always_direct deny port_3128_acl
always_direct deny port_3127_acl

never_direct allow port_3128_acl
never_direct allow port_3127_acl

# 3128
cache_peer proxy1 parent 3128 0 proxy-only default  name=proxy3128
cache_peer_access proxy3128 allow port_3128_acl
cache_peer_access proxy3128 deny all

# 3127
cache_peer proxy2 parent 3128 0 proxy-only default  name=proxy3127
cache_peer_access proxy3127 allow port_3127_acl
cache_peer_access proxy3127 deny all

For some reason 'no-query originserver' version didn't work, so I had to
change it back to 'proxy-only default'

2017-02-20 23:26 GMT+02:00 Alex Rousskov <rousskov at measurement-factory.com>:

> On 02/20/2017 02:08 PM, Damir Bagapov wrote:
>
> > I need to configure squid in a way when all incoming requests to
> > 3128 port will be redirected to proxy1 (as it works now), and all
> > incoming requests to 3127 will be redirected to proxy2.
>
> > http_port 3128
> > http_port 3127
> >
> > acl port_3128 port 3128
> > acl port_3127 port 3127
> >
> > # 3128
> > cache_peer proxy01 parent 3128 0 no-query originserver name=proxy3128
> > cache_peer_access proxy3128 allow port_3128
> > cache_peer_access proxy3128 deny port_3127
> >
> > # 3127
> > cache_peer proxy02 parent 3128 0 no-query originserver name=proxy3127
> > cache_peer_access proxy3127 allow port_3127
> > cache_peer_access proxy3127 deny port_3128
>
>
> You probably want to use the "myport" ACLs instead of the "port" ACLs
> because you route based on the Squid listening port, not the origin
> server listening port.
>
> I hope you do not need those "deny" rules for cache_peer_access
> directives because the default -- reverse the last action [for the same
> peer] -- should work fine. If you want or need to have explicit deny
> rules, use "deny all" to clarify the intent and avoid the "what if none
> of the cache_peer_access rules match for a peer?" concerns.
>
>
> HTH,
>
> Alex.
>
>


-- 
Best regards,
Damir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170221/37ebbf71/attachment.html>


More information about the squid-users mailing list