Hello list,
Some medieval country that shall remain unnamed is blocking access to some specific websites, but the list of websites is huge, dynamic, and not public.
I have two proxy servers, one of which is located outside of this firewall, but access to this proxy server is slower than to the local one.
I would like to configure the local proxy to use a peer cache based on the geoip address of the destination.
If the required object belongs to a specific country then the request will go through the second proxy.
I know about the cache_peer_domain option, but I would like to use a geoip based solution.
So this is what I came up with:
external_acl_type GeoIP ttl=1 negative_ttl=1 children=1 concurrency=0 %DST /var/tmp/acl_geoip.pl
acl AclGeoIP external GeoIP
cache_peer 10.160.48.250 sibling 8080 0 name=external_proxy
cache_peer_access external_proxy allow AclGeoIP
cache_peer_access external_proxy deny all
/var/tmp/acl_geoip.pl is a dummy script that logs its input and returns "OK":
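#!/usr/bin/perl
# Dummy external ACL helper: logs every request line and always answers OK.
open FD, ">/tmp/test.$$" or die "Cannot open log file: $!";
# Disable output buffering on both the log file and STDOUT.
select FD;
$|=1;
select STDOUT;
$|=1;
print FD "Starting $0 with parameters: ".join(', ',@ARGV)."\n";
# One request per line on STDIN, one reply per line on STDOUT.
while (<STDIN>) {
    print FD $_;
    print "OK\n";
}
close FD;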
I can see the "Starting xxx with parameters xxx" in the log file, but nothing else is written.
This is what I get on the logs when visiting yahoo:
2009/10/26 16:08:10.776| FwdState::start() 'http://www.yahoo.com/'
2009/10/26 16:08:10.776| StoreEntry::lock: key '312257ED4F8C8AE02ABE51C413EC3927' count=2
2009/10/26 16:08:10.776| peerSelect: http://www.yahoo.com/
2009/10/26 16:08:10.776| StoreEntry::lock: key '312257ED4F8C8AE02ABE51C413EC3927' count=3
2009/10/26 16:08:10.776| peerSelectFoo: 'GET www.yahoo.com'
2009/10/26 16:08:10.776| peerCheckNetdbDirect: MY RTT = 0 msec
2009/10/26 16:08:10.776| peerCheckNetdbDirect: minimum_direct_rtt = 400 msec
2009/10/26 16:08:10.776| peerCheckNetdbDirect: MY hops = 0
2009/10/26 16:08:10.776| peerCheckNetdbDirect: minimum_direct_hops = 4
2009/10/26 16:08:10.776| whichPeer: from 0.0.0.0 port 0
2009/10/26 16:08:10.776| peerSelectFoo: direct = DIRECT_MAYBE
2009/10/26 16:08:10.776| peerDigestLookup: peer 10..160.48.250
2009/10/26 16:08:10.776| aclCheckFast: list: 0xb81bc748
2009/10/26 16:08:10.776| ACLChecklist::preCheck: 0xbfa30b24 checking 'cache_peer_access external_proxy allow AclGeoIP'
2009/10/26 16:08:10.776| ACLList::matches: checking AclGeoIP
2009/10/26 16:08:10.776| ACL::checklistMatches: checking 'AclGeoIP'
2009/10/26 16:08:10.776| aclMatchExternal: GeoIP("www.yahoo.com") = lookup needed
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": entry=@0, age=0
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": queueing a call.
2009/10/26 16:08:10.776| aclMatchExternal: "www.yahoo.com": return -1.
2009/10/26 16:08:10.776| ACL::ChecklistMatches: result for 'AclGeoIP' is -1
2009/10/26 16:08:10.776| ACLList::matches: result is false
2009/10/26 16:08:10.776| aclmatchAclList: 0xbfa30b24 returning false (AND list entry failed to match)
2009/10/26 16:08:10.776| aclmatchAclList: async=0 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 0
2009/10/26 16:08:10.776| ACLChecklist::preCheck: 0xbfa30b24 checking 'cache_peer_access external_proxy deny all'
2009/10/26 16:08:10.776| ACLList::matches: checking all
2009/10/26 16:08:10.776| ACL::checklistMatches: checking 'all'
2009/10/26 16:08:10.776| aclMatchIp: '172.16.10.10' found
2009/10/26 16:08:10.776| ACL::ChecklistMatches: result for 'all' is 1
2009/10/26 16:08:10.776| ACLList::matches: result is true
So the acl is evaluated, returns false, and the log file doesn't have any output. How come?
Thanks for your help, and sorry for the long message.
Received on Mon Oct 26 2009 - 08:06:32 MDT
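
An added example, not part of the original post: a helper that speaks the same line protocol as the dummy script above (one %DST value per line in, OK or ERR out, concurrency=0) but decides by destination country. The network-to-country table, the country codes and the function names are constructed for illustration; a real helper would query a GeoIP database instead.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: OK if %DST resolves into a listed country."""
import ipaddress
import socket
import sys

# Constructed sample data: documentation ranges mapped to placeholder codes.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/24"), "AA"),
]
VIA_PEER = {"AA"}  # placeholder: countries whose destinations match the ACL


def country_of(ip):
    """Return the country code of the most specific matching network."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(hits)[1] if hits else None


def decide(dst, resolve=socket.gethostbyname):
    """Map one %DST value (host name or IP literal) to a helper reply."""
    dst = dst.strip()
    if not dst:
        return "ERR"
    try:
        ipaddress.ip_address(dst)  # already an IP literal?
        ip = dst
    except ValueError:
        try:
            ip = resolve(dst)
        except OSError:
            return "ERR"  # unresolvable destination: do not match
    return "OK" if country_of(ip) in VIA_PEER else "ERR"


def main():
    # concurrency=0: one request per line, one reply per line, no channel ID.
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer


if __name__ == "__main__":
    main()
```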