[squid-users] grouping multiple cache peers possible?

Alex Rousskov rousskov at measurement-factory.com
Wed Dec 22 16:44:44 UTC 2021


On 12/22/21 11:29 AM, roee klinger wrote:
> cache_peer 100.70.162.11 parent 16211 0 proxy-only default name=proxy16211
> cache_peer 100.70.162.12 parent 16212 0 proxy-only default name=proxy16212
> cache_peer 100.70.162.13 parent 16213 0 proxy-only default name=proxy16213
> acl peer_group_162 peername_regex -i proxy162.*\b
> 
> Followed by:
> cache_peer_access peer_group_162 allow admin162

According to documentation, the cache_peer_access directive requires a
peer name (or a peer host name) as the second parameter. Your
configuration is using a string "peer_group_162", which is not a name of
any cache_peer.

AFAICT, while you can use peername_regex to _match_ a group of
cache_peers, you still have to name a specific peer as the second
parameter of the cache_peer_access rule. That effectively defeats the
purpose of using peername_regex in this case! It was wrong for me to
point you in peername_regex direction.

Your configuiration has to have at least one cache_peer_access rule for
each cache_peer.


Sorry,

Alex.


> but I got an error:
> ERROR: /etc/squid/conf.d/admin_allow_peer.conf, line 4: No cache_peer
> 'peer_group_162'
> 
> Should I use http_access instead? I am not sure how to use it, because
> peer_group_162 is an ACL, not a cache_peer.
> 
> Also, is my regex entry correct? I am not sure if \b is supported, and
> if I should add the -i flag or not.
> 
> Thanks alot.
> 
> On Wed, Dec 22, 2021 at 5:27 PM Alex Rousskov wrote:
> 
>     On 12/22/21 10:21 AM, roee klinger wrote:
> 
>     > I have a group of about 6 cache peers:
>     >
>     >     cache_peer 100.70.162.11 parent 16211 0 proxy-only default
>     name=proxy16211
>     >     cache_peer 100.70.162.12 parent 16212 0 proxy-only default
>     name=proxy16212
>     >     cache_peer 100.70.162.13 parent 16213 0 proxy-only default
>     name=proxy16213
>     >
>     >     cache_peer 100.70.163.11 parent 16311 0 proxy-only default
>     name=proxy16311
>     >     cache_peer 100.70.163.12 parent 16312 0 proxy-only default
>     name=proxy16312
>     >     cache_peer 100.70.163.13 parent 16313 0 proxy-only default
>     name=proxy16313
>     >
>     >
>     > I would like to allow user162_acl access only to the peers that ...
>     > have a name that starts with proxy162
> 
>     According to documentation, a peername_regex ACL can do what you want.
> 
>     Alex.
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
>     <http://lists.squid-cache.org/listinfo/squid-users>
> 



More information about the squid-users mailing list