[squid-users] Capture incoming information from one squid
Amos Jeffries
squid3 at treenet.co.nz
Sat Aug 20 10:57:47 UTC 2022

On 20/08/22 11:20, Marcelo wrote:
> Thanks Alex,
>
> 1- Is it possible to provide me with an example of squid.conf of both parent
> and child squids?
>
> I am having very basic doubts about cache_peer and it's very hard to find
> complete squid.confs over the internet.
>

FWIW, *complete* squid.conf files are usually useless because every network is
different. What you actually want is the *pieces* that do what you need.

> 2- cache-peer really routes the connection to the second squid server or
> just looks for a hit in a second server's cache?
> I need the second server to not just authenticate the user, but to know from
> which port the user got in the first squid server in order to forward this
> user through different routes based on this incoming port number.

The cache_peer directive is just the settings for *how* to connect to a
particular server. What URL format to use, whether to use TLS/SSL or
not, any non-80/443 port to connect to, what/how to pass login
credentials, etc.

cache_peer_access determines what traffic can (or must) be sent on a TCP
connection set up with a cache_peer's settings.

To pass unusual data like the original client info you should add a
Forwarded header with the relevant details.

So, in your frontend proxy you have:

  # Special parent proxy for some traffic
  cache_peer ... name=X

  # which traffic to send to the special parent
  acl specials dstdomain ...
  never_direct allow specials
  cache_peer_access X allow specials
  cache_peer_access X deny all

  # mark up the traffic with Forwarded details
  forwarded_for transparent
  request_header_add Forwarded "for=%>a;by=_%lp" specials

In your backend Squid this ACL below matches the Forwarded header
received there. Use it as necessary to decide your traffic handling:

  # match when frontend marked port X as receiving
  acl portX req_header Forwarded ;by=_X(,|$)

HTH
Amos
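
The tagging and matching described above, as an added example that is not part of the original post: it builds the value the frontend's "for=%>a;by=_%lp" format produces and applies the backend pattern with X replaced by a port number. Python's `re` stands in for Squid's regex matching (an assumption), and the ports, addresses and function names are constructed for illustration.

```python
import re

def forwarded_value(client_ip: str, listen_port: int) -> str:
    """Value added by the frontend format "for=%>a;by=_%lp"
    (%>a = client address, %lp = port the frontend received the request on)."""
    return f"for={client_ip};by=_{listen_port}"

def port_acl(listen_port: int) -> re.Pattern:
    """The backend pattern ';by=_X(,|$)' with X replaced by a port number."""
    return re.compile(rf";by=_{listen_port}(,|$)")

def matching_ports(header_value: str, ports) -> list:
    """Every port whose pattern is found in the header value (unanchored search)."""
    return [p for p in ports if port_acl(p).search(header_value)]

# Constructed sample data: these listening ports and client addresses are made up.
PORTS = [3128, 3129, 31280]
SAMPLES = {
    # One element, added by the frontend on port 3128.
    "single hop": forwarded_value("192.0.2.10", 3128),
    # The (,|$) tail keeps the 3128 pattern from matching the longer port 31280.
    "longer port": forwarded_value("192.0.2.11", 31280),
    # Comma-separated list of two elements: the pattern matches if ANY element
    # carries the port, so the ACL alone cannot tell which hop wrote which one.
    "two elements": forwarded_value("198.51.100.7", 3129) + ", "
                    + forwarded_value("192.0.2.10", 3128),
    # A parameter after by= breaks the match: by= must be last in its element.
    "extra parameter": forwarded_value("192.0.2.12", 3128) + ";proto=http",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:16} {value!r:60} -> {matching_ports(value, PORTS)}")
```
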