[squid-users] ICAP response to avoid backend
Ed Neville
ed-squid-cache at s5h.net
Tue Feb 27 09:23:06 UTC 2024
On 2024-02-27 12:38+1300, Amos Jeffries wrote:
> On 26/02/24 06:52, Ed wrote:
> >
> > acl bad_foo req_header ICAPHEADER -i foobar
> > cache_peer_access server_1 deny bad_foo
> Assuming that an ICAP service is controlling whether the peers are to
> be used that is the correct way.
>
> However, if you have an ICAP service controlling whether a peer can be
> used consider having the ICAP service just send Squid the final
> response. There is a relatively huge amount of complexity, both in the
> config and what Squid has to do slowing the transaction down just for
> this maybe-a-HIT behaviour.
Yes, it would be best if the traffic wasn't there sometimes :)
> Alternatives to "cache_peer_access .. deny bad_foo" are:
> ...
> B) "miss_access deny bad_foo",
I think your suggestion of B suits best, thank you very much as that
saves me using multiple cache_peer_access lines. Something didn't feel
right with what I was doing, and asking for an alternative was the right
thing to do.
Many thanks,
Ed
More information about the squid-users
mailing list