[squid-users] cache_peer_access by dynamic ACL
Alexeyяр Gruzdov
my.shellac at gmail.com
Tue Apr 18 15:41:47 UTC 2023
Hello Guys!
Could you explain me how the annotation transaction works and how it
related to acl that I could to use with cache_peers
ok! Lets look to my case example:
1. I have three of cache_peers:
cache_peer peerG1.com parent 40001 0 no-query no-digest
name=peerG1 round-robin
cache_peer peerG2.com parent 40002 0 no-query no-digest
name=peerG2 round-robin
cache_peer peerG3.com parent 40003 0 no-query no-digest
name=peerG3 round-robin
2. I have cache_peer_acces policy:
cache_peer_access peerG1 allow proxy_peerG1_acl cache_peer_access
peerG1 allow proxy_all_acl cache_peer_access peerG1 deny all
cache_peer_access peerG2 allow proxy_peerG2_acl cache_peer_access
peerG2 allow proxy_all_acl cache_peer_access peerG2 deny all
cache_peer_access peerG3 allow proxy_peerG3_acl
cache_peer_access peerG3 allow proxy_all_acl cache_peer_access peerG3 deny
all 3. And of course ACL defined: proxy_peerG1_acl proxy_auth "../users.
peerG1.txt" proxy_peerG2_acl proxy_auth "../users.peerG2.txt"
proxy_peerG3_acl proxy_auth "../users.peerG3.txt" proxy_all_acl proxy_auth
"../users.all.txt"
And these all works like I need, But - once I am changing a list of users
(add or remove) - I need to use "squid -k reconfigure"...... but of course
better to go without this reconfigure and use ACL like in a dynamic mode.
Squid supports the external ACL, but this is slow ACL, but cache_peer
doesn't support the low_acl. Also there is one more option - called
annotation_transaction - could you explain me how I could to use this in my
case ? Thank you. AlexG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230418/d9fb1ba3/attachment.htm>
More information about the squid-users
mailing list