[squid-users] Advice on Cache Peer ACLs
rousskov at measurement-factory.com
Fri Aug 30 17:41:53 UTC 2019
On 8/30/19 11:44 AM, creditu at eml.cc wrote:
> We use several squid servers in accelerator mode for load balancing to send public requests to backend servers. The squids don't do any caching, they just forward requests to the backend.
> We have cache_peer directives to send the incoming requests to the backend Apache servers. What I need to do is send requests to a certain page to a specific backend server and all others to the other backends. The site has many pages, subpages etc.
> What I want to do is if someone requests:
> https://www.example.com/anything/anything/script.php or https://origin-www.example.com/anything/anything/etc/etc/script.php
> Send the request to only .1, .2,.3.
> If someone requests :
> https://www.example.com/anything/tst/map2/script.php or https://origin-www.example.com/anything/anything/tst/map1/etc/script.php
> Send that request only to .4 and .5.
> It seems to work most of the time, but tailing the access logs on the servers I sometimes see one of the requests for ../tst/map2/... or map1 show up on .1,.2, or .3.
Do Squid access logs have the corresponding records as well? What cache
peer selection algorithm does Squid record for those misdirected
> Is there something I'm missing?
Could Squid go direct to one of those origin servers (e.g., when all
eligible cache peers were down)?
BTW, please note that your cache_peer_access rules look inconsistent:
Your cache_peer_access .1-3 rules require certain domain names but .4-5
rules do not. This does not explain the discrepancy you are describing
above, but you may want to adjust your rules for consistency sake
(either to ignore dstdomain completely or to require correct domains for
all cache peers).
> acl all_requests dstdomain -n www.example.com origin-www.example.com
> acl limited url_regex -i /tst/map1|/tst/map2
> cache_peer 192.168.1.1 parent 80 0 no-query no-digest connect-fail-limit=10 weight=1 originserver round-robin
> cache_peer_access 192.168.1.1 deny limited
> cache_peer_access 192.168.1.1 allow all_requests
> cache_peer_access 192.168.1.1 deny all
> cache_peer 192.168.1.2 parent 80 0 no-query no-digest connect-fail-limit=10 weight=1 originserver round-robin
> cache_peer_access 192.168.1.2 deny limited
> cache_peer_access 192.168.1.2 allow all_requests
> cache_peer_access 192.168.1.2 deny all
> cache_peer 192.168.1.3 parent 80 0 no-query no-digest connect-fail-limit=10 weight=1 originserver round-robin
> cache_peer_access 192.168.1.3 deny limited
> cache_peer_access 192.168.1.3 allow all_requests
> cache_peer_access 192.168.1.3 deny all
> cache_peer 192.168.1.4 parent 80 0 no-query no-digest connect-fail-limit=10 weight=1 originserver round-robin
> cache_peer_access 192.168.1.4 allow limited
> cache_peer_access 192.168.1.4 deny all
> cache_peer 192.168.1.5 parent 80 0 no-query no-digest connect-fail-limit=10 weight=1 originserver round-robin
> cache_peer_access 192.168.1.5 allow limited
> cache_peer_access 192.168.1.5 deny all
More information about the squid-users