[squid-users] Cache Peer Issue with URL

Alex Rousskov rousskov at measurement-factory.com
Fri Jun 4 23:10:15 UTC 2021 

On 6/4/21 4:19 PM, koshik moshik wrote:
> Basically I have created two cashe peers:
> 
> never_direct allow all
> acl ab1 dstdom_regex "/etc/squid/Bad_Homepages.squid" cache_peer
> my.proxy.com <http://my.proxy.com> parent 31112 0 login=user:pw no-query
> name=user cache_peer_access user allow ab1 cache_peer_access user deny
> all acl ab2 proxy_auth userName1 cache_peer myProxyparent 31112 0
> login=user:pwno-query name=user2 cache_peer_access user2 allow ab2
> cache_peer_access user2 deny all
> 
> 
> As you can see, I have a Bad_homepages.squid file which contains regular
> expressions for a website, so this cache_peer will only be used, if the
> HOMEPAGE is requested. If a sub page is requested, the second
> cache_peer(acl ab2) should be used. 
> 
> Example: www.test.com <http://www.test.com> -> ab1 should be used 
> www.test.com/hello <http://www.test.com/hello> -> ab2 should be used. 

Sorry about bad quoting -- Thunderbird is having trouble with your HTML
email...


> The regex in the Bad_Homepages.squid file is following:
> .whatismyip.com($|/$|/?)

It looks like you are using a domain-based dstdom_regex but trying to
match URL paths. If you are trying to detect URLs with non-empty paths,
then you may want to use something like

  acl ab1 urlpath_regex .

or

  acl ab1 urlpath_regex /.

I do not know whether the leading slash is included and the built-in
docs do not say. Others on the list may know the answer or you can find
it using tests.

You can make the regex tighter by excluding repeated "/" characters and
"#", but those are usually unimportant details if you keep in mind that
nothing will work reliably in general because the URL path may contain a
lot of stuff that the origin server may ignore or reinterpret.


Finally, if you want Squid to use either peer A or peer B, then do not
use two different ACLs to direct traffic to them. Use mutually exclusive
tests of one ACL:

  cache_peer_access user allow ab1
  cache_peer_access user deny all

  cache_peer_access user2 deny ab1
  cache_peer_access user2 allow all


Please be mindful of nonhierarchical_direct and encrypted traffic.


HTH,

Alex.

More information about the squid-users mailing list