[squid-users] Capture incoming information from one squid (Marcelo)

Marcelo marcelorodrigo at graminsta.com.br
Wed Aug 24 21:02:31 UTC 2022


Thanks a lot Amos!
It was just perfect!

With your examples I did manage to implement almost all I need.

A last thing to implement this already.

Is it possible to change the port below to the same port that the user
connected to on this child squid?
This way I would not have to use a header to send information to the parent
squid, which would mean changing all the incoming port route policy I
already have in place and in production in several VPSs.

Something like "transmit" the incoming port wherever it is, to this port
field below using some wildcard.

cache_peer 200.7.118.226 parent *4370* 0 no-query name=peerREDIRECT login=PASSTHRU

Thanks a lot again!
Marcelo.



Message: 2
Date: Sat, 20 Aug 2022 22:57:47 +1200
From: Amos Jeffries <squid3 at treenet.co.nz>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Capture incoming information from one squid
Message-ID: <3e733d49-6108-98d8-7ab5-cae4c2afe6e3 at treenet.co.nz>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 20/08/22 11:20, Marcelo wrote:

> 1- Is it possible to provide me with an example of squid.conf of both 
> parent and child squids?
> 
> I am having very basic doubts about cache_peer and it's very hard to
> find complete squid.confs over the internet.
> 

FWIW, *complete* squid.conf are usually useless because every network is
different. What you actually want is the *pieces* that do what you need.


> 2- cache-peer really routes the connection to the second squid server or
> just look for a hit in a second server's cache?
> I need the second server to not just authenticate the user, but to know from
> which port the user got in the first squid server in order to forward this
> user through different routes based on this incoming port number.


cache_peer directive is just the settings for *how* to connect to a 
particular server. What URL format to use, whether to use TLS/SSL or 
not, any non-80/443 port to connect to, what/how to pass login 
credentials, etc.

cache_peer_access determines what traffic can (or must) be sent on a TCP 
connection setup with a cache_peer's settings.


To pass unusual data like the original client info you should add a 
Forwarded header with the relevant details.


So, in your frontend proxy you have:

   # Special parent proxy for some traffic
   cache_peer ... name=X

   # which traffic to send to the special parent
   acl specials dstdomain ...

   never_direct allow specials
   cache_peer_access X allow specials
   cache_peer_access X deny all

   # markup the traffic with Forwarded details
   forwarded_for transparent
   request_header_add Forwarded "for=%>a;by=_%lp" specials


In your backend Squid this ACL below matches the Forwarded header 
received there. Use it as necessary to decide your traffic handling:

   # match when frontend marked port X as receiving
   acl portX req_header Forwarded ;by=_X(,|$)



HTH
Amos
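
The backend ACL pattern from the reply above, checked against sample Forwarded values, as an added example that is not part of the original thread. It assumes Python's `re` as a stand-in for Squid's regex engine; the helper names, ports and addresses are constructed for the demonstration.

```python
import re

# Assumption: Python's re stands in for Squid's regex engine. The pattern uses
# only literals, one group, alternation and $, which behave the same in both.

def frontend_forwarded(client_ip, listen_port):
    """Value the frontend format "for=%>a;by=_%lp" expands to."""
    return f"for={client_ip};by=_{listen_port}"

def port_acl(port, anchored=True):
    """Backend req_header regex with X replaced by a port number.

    anchored=False drops the (,|$) tail to show what that tail is for.
    """
    tail = "(,|$)" if anchored else ""
    return re.compile(rf";by=_{port}{tail}")

def matching_ports(forwarded_value, configured_ports, anchored=True):
    """Ports whose portX ACL would match this Forwarded header value."""
    return [p for p in configured_ports
            if port_acl(p, anchored).search(forwarded_value)]

# Constructed sample data: documentation addresses, ports picked so that one
# port number is a prefix of another.
PORTS = [437, 4370, 43700]
SAMPLES = {
    # the frontend's element is the only one in the header
    "single element": frontend_forwarded("192.0.2.10", 4370),
    # a longer port number that starts with the digits of a shorter one
    "longer port": frontend_forwarded("192.0.2.10", 43700),
    # another list element follows, so the port is followed by "," not by end
    "followed by element": frontend_forwarded("192.0.2.10", 4370)
                           + ", for=198.51.100.7",
    # no by= parameter at all: no port ACL should match
    "no by parameter": "for=192.0.2.10",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:22} {value}")
        print(f"{'':22} with (,|$)   : {matching_ports(value, PORTS)}")
        print(f"{'':22} without tail : {matching_ports(value, PORTS, False)}")
```

With the `(,|$)` tail each header selects exactly one port ACL; without it, a header carrying port 43700 also satisfies the ACLs for 437 and 4370.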

