<div dir="ltr"><div>Hi Alex, <br></div><div><br></div><div>It's working as expected. I tried to allow only specific domains during the time by adding below acl but I'm getting HTTP status code 503 in my access.log, below is my configuration. Could you please let me know what I'm missing here.</div><div><br></div><div>acl usePeerB time 00:30-00:59<br>acl usePeerB time 02:00-02:29</div><div>acl alloweddomains dstdomain <a href="http://google.com">google.com</a> <a href="http://facebook.com">facebook.com</a> <br></div><div><br></div><div><br></div><div>cache_peer_access peerA allow usePeerA allowedomains<br>cache_peer_access peerB allow usePeerB allowedomains <br>cache_peer_access peerC allow !usePeerA !userPeerB alloweddomains<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 11, 2020 at 4:54 AM Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 6/10/20 12:20 PM, Antony Stone wrote:<br>
> On Wednesday 10 June 2020 at 18:11:03, Prem Chand wrote:<br>
> <br>
>> Hi Alex,<br>
>><br>
>> Thanks for responding to my issue . I didn't get how the math was done(why<br>
>> it's multiplied by 2) to get 16 slots if possible could you please elaborate<br>
>> with an example.<br>
> <br>
> I believe what Alex meant was:<br>
> <br>
> You want 30 minute timeslots for each of 3 peers, which is 48 half-hour <br>
> timeslots throughout the day.<br>
> <br>
> However, you only need to define 48/3 of these for peer A, and 48/3 of them for <br>
> peer B, and then let peer C deal with anything not already handled (so it <br>
> doesn't need its own definitions).<br>
> <br>
> 48/3 = 16, therefore you define 16 half-hour periods when you want peer A to do <br>
> the work, 16 half-hour periods for peer B, and then just say "peer C, handle <br>
> anything left over".<br>
<br>
Thank you, Antony! Here is an untested sketch:<br>
<br>
acl usePeerA time 00:00-00:29<br>
acl usePeerA time 01:30-01:59<br>
... a total of 16 ORed lines for the first peer ...<br>
... each line matches a unique 30 minute period ...<br>
<br>
<br>
acl usePeerB time 00:30-00:59<br>
acl usePeerB time 02:00-02:29<br>
... a total of 16 ORed lines for the second peer ...<br>
... each line matches a unique 30 minute period ...<br>
<br>
# and now match peer to its time slots<br>
cache_peer_access peerA allow usePeerA<br>
cache_peer_access peerB allow usePeerB<br>
cache_peer_access peerC allow !usePeerA !userPeerB<br>
<br>
<br>
The above may need further adjustments and polishing. For example, I am<br>
not sure how Squid will round these time values. The above assumes that<br>
00:29 limit includes all 60 seconds up to (but excluding) 00:30:00.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
<br>
<br>
>> On Wed, Jun 10, 2020 at 7:12 PM Alex Rousskov wrote:<br>
>>> On 6/10/20 6:09 AM, Prem Chand wrote:<br>
>>>> My squid cache peer has 3 parent IP’s configured. I need to send HTTPS<br>
>>>> requests to the first parent IP for 30 minutes and after to the 2nd<br>
>>>> parent IP for 30 minutes and then to 3rd IP for 30 minutes and this<br>
>>>> switching needs to happen continuously .Could you please let us know<br>
>>>> how I can achieve this?<br>
>>><br>
>>> If you are OK with hard-coded usage time slots for each peer, then I<br>
>>> would use two[1] "time" ACLs and cache_peer_access rules. Look for<br>
>>> "aclname time" in squid.conf.documented. You will have to generate a<br>
>>> list of (24*2/3=16) staggered time slots for each of the two ACLs, but<br>
>>> it should work. This may be the simplest solution.<br>
>>><br>
>>> [1] You need two ACLs for three peers because the third peer should get<br>
>>> the requests that the first two peers were not allowed to get.<br>
>>><br>
>>> ----<br>
>>><br>
>>> With a modern Squid, you could also implement this using a more flexible<br>
>>> (and more expensive, on several layers!) architecture with two ACLs:<br>
>>><br>
>>> 1. An external ACL that returns the right cache peer name to use via a<br>
>>> keyword=value annotation API. This always-matching ACL should be<br>
>>> attached to http_access or a similar directive that supports slow ACLs.<br>
>>> Its goal is to annotate the request. You will need to write a<br>
>>> script/program that will compute the right annotations based on time or<br>
>>> some other factors. This is where the flexibility of this solution is<br>
>>> coming from.<br>
>>><br>
>>> 2. A "note" ACL attached to cache_peer_access directives, allowing<br>
>>> access to peer X if the external ACL in item 1 returned<br>
>>> use_cache_peer_=X. The "note" ACL is a fast ACL and, hence, can be<br>
>>> reliably used with cache_peer_access.<br>
>>><br>
>>> If you already have another external ACL, you may be able to piggyback<br>
>>> annotations in item 1 to whatever that ACL is already doing.<br>
>>><br>
>>> For more information, search for "keyword=value" and "acl aclname note"<br>
>>> in your squid.conf.documented and see<br>
>>> <a href="https://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL</a>.<br>
>>> 29<br>
>>><br>
>>><br>
>>> HTH,<br>
>>><br>
>>> Alex.<br>
> <br>
<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature">prem</div>