Cycling through outbound IP addresses with squid

A Squid server at work is being used to route requests through multiple external IP addresses. I'm doing the named-IP routing with the solution at my own question on Unix.SE. Another piece of the puzzle I need to add now is random selection if the custom header isn't set.

I know there's a 'random' directive that will set an ACL based on a probability, but the examples online are sketchy at best.

I need a way to split all of my traffic randomly across 20 IP addresses, UNLESS a specific header is set, at which point the header (aka ACL) should take priority and force an outbound IP address. How can I do this with ACL in squid?

Best Answer

I'm not a Squid expert, but I've used it a fair bit and think this might work.

acl random1 random 1/20
acl random2 random 1/20
acl random3 random 1/20
acl random4 random 1/20
acl random5 random 1/20
acl random6 random 1/20
acl random7 random 1/20
acl random8 random 1/20
acl random9 random 1/20
acl random10 random 1/20
acl random11 random 1/20
acl random12 random 1/20
acl random13 random 1/20
acl random14 random 1/20
acl random15 random 1/20
acl random16 random 1/20
acl random17 random 1/20
acl random18 random 1/20
acl random19 random 1/20
acl random20 random 1/20
# req_header takes a regex, so the values are anchored: a bare "1" would also match 10-19.
acl prio1 req_header priohdr ^1$
acl prio2 req_header priohdr ^2$
acl prio3 req_header priohdr ^3$
acl prio4 req_header priohdr ^4$
acl prio5 req_header priohdr ^5$
acl prio6 req_header priohdr ^6$
acl prio7 req_header priohdr ^7$
acl prio8 req_header priohdr ^8$
acl prio9 req_header priohdr ^9$
acl prio10 req_header priohdr ^10$
acl prio11 req_header priohdr ^11$
acl prio12 req_header priohdr ^12$
acl prio13 req_header priohdr ^13$
acl prio14 req_header priohdr ^14$
acl prio15 req_header priohdr ^15$
acl prio16 req_header priohdr ^16$
acl prio17 req_header priohdr ^17$
acl prio18 req_header priohdr ^18$
acl prio19 req_header priohdr ^19$
acl prio20 req_header priohdr ^20$
# tcp_outgoing_address stops at the first matching line, so the header rules come first.
tcp_outgoing_address 10.0.0.1 prio1
tcp_outgoing_address 10.0.0.2 prio2
tcp_outgoing_address 10.0.0.3 prio3
tcp_outgoing_address 10.0.0.4 prio4
tcp_outgoing_address 10.0.0.5 prio5
tcp_outgoing_address 10.0.0.6 prio6
tcp_outgoing_address 10.0.0.7 prio7
tcp_outgoing_address 10.0.0.8 prio8
tcp_outgoing_address 10.0.0.9 prio9
tcp_outgoing_address 10.0.0.10 prio10
tcp_outgoing_address 10.0.0.11 prio11
tcp_outgoing_address 10.0.0.12 prio12
tcp_outgoing_address 10.0.0.13 prio13
tcp_outgoing_address 10.0.0.14 prio14
tcp_outgoing_address 10.0.0.15 prio15
tcp_outgoing_address 10.0.0.16 prio16
tcp_outgoing_address 10.0.0.17 prio17
tcp_outgoing_address 10.0.0.18 prio18
tcp_outgoing_address 10.0.0.19 prio19
tcp_outgoing_address 10.0.0.20 prio20
# Random split for requests that carry no matching header.
tcp_outgoing_address 10.0.0.1 random1
tcp_outgoing_address 10.0.0.2 random2
tcp_outgoing_address 10.0.0.3 random3
tcp_outgoing_address 10.0.0.4 random4
tcp_outgoing_address 10.0.0.5 random5
tcp_outgoing_address 10.0.0.6 random6
tcp_outgoing_address 10.0.0.7 random7
tcp_outgoing_address 10.0.0.8 random8
tcp_outgoing_address 10.0.0.9 random9
tcp_outgoing_address 10.0.0.10 random10
tcp_outgoing_address 10.0.0.11 random11
tcp_outgoing_address 10.0.0.12 random12
tcp_outgoing_address 10.0.0.13 random13
tcp_outgoing_address 10.0.0.14 random14
tcp_outgoing_address 10.0.0.15 random15
tcp_outgoing_address 10.0.0.16 random16
tcp_outgoing_address 10.0.0.17 random17
tcp_outgoing_address 10.0.0.18 random18
tcp_outgoing_address 10.0.0.19 random19
tcp_outgoing_address 10.0.0.20 random20

Change 10.0.0.X to the IP addresses for your outgoing connections. Obviously those addresses need to be available on the system, so they will need to be static IPs.

Change 10.0.0.1 at the end to whatever connection you want the traffic w/header set to use.

The header from the browser needs to have the specified name and have content that matches the regex.

Again, I'm not an expert, but it's worth a go.

Also, this is 20 separate 1-in-20 chances to match the random probabilities. It theoretically must match one, but it's not guaranteed, so the first line should set the default connection.

Edit:

Updated to allow connection selection. It needs testing, because I can't be 100% sure it will work as required.
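
An added example, not part of the answer above and not Squid's own code: because tcp_outgoing_address stops at the first matching line, this Python script computes the exact share of requests each rule receives under that ordering, for a layout with 1/20 on every rule and for a 1/20, 1/19, ... schedule, and prints a config fragment with the header rules first. It assumes each `random` ACL draws independently on every evaluation; the function names and the final ACL-less catch-all line are choices made for this example.

```python
from fractions import Fraction

def first_match_shares(probs):
    """Exact share of requests taken by each rule when rules are tried in
    order and rule i matches with probability probs[i]. The last item is
    the share that falls through every rule."""
    shares, remaining = [], Fraction(1)
    for p in probs:
        shares.append(remaining * p)
        remaining *= 1 - p
    return shares + [remaining]

def uniform_schedule(n):
    """Probabilities 1/n, 1/(n-1), ..., 1/2 for the first n-1 rules; the
    n-th address is served by an unconditional catch-all line."""
    return [Fraction(1, n - i) for i in range(n - 1)]

def render(addresses, header="priohdr"):
    """squid.conf fragment: header rules first, then the random split."""
    n = len(addresses)
    lines = []
    for i, addr in enumerate(addresses, 1):
        # Anchored regex so the value "1" does not also match "10".."19".
        lines.append(f"acl prio{i} req_header {header} ^{i}$")
        lines.append(f"tcp_outgoing_address {addr} prio{i}")
    for i, (addr, p) in enumerate(zip(addresses, uniform_schedule(n)), 1):
        lines.append(f"acl random{i} random {p.numerator}/{p.denominator}")
        lines.append(f"tcp_outgoing_address {addr} random{i}")
    # Catch-all with no ACL (assumption of this example): takes what is left.
    lines.append(f"tcp_outgoing_address {addresses[-1]}")
    return "\n".join(lines)

if __name__ == "__main__":
    flat = first_match_shares([Fraction(1, 20)] * 20)
    print("1/20 on every rule: first %.4f, last %.4f, unmatched %.4f"
          % (float(flat[0]), float(flat[19]), float(flat[20])))
    even = first_match_shares(uniform_schedule(20) + [Fraction(1)])
    print("1/20, 1/19, ... schedule:", sorted(set(even[:20])),
          "unmatched", even[20])
    # Constructed sample addresses, same range as the answer uses.
    print(render([f"10.0.0.{i}" for i in range(1, 21)]))
```
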
