Search squid archive

RE: bypass squid for some sites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Bill Hughey [mailto:whughey@xxxxxxxxxxxxxxxxx]
> Sent: Monday, September 12, 2005 8:04 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject:  bypass squid for some sites
> 
> 
> I am running squid on a LRP box. It is running fine as a transparent
> proxy. I have a group of internal machines going through it, with a
> range of IPs that bypass the proxy using ipchains. Is there a way to
> bypass squid for the machines that normally go through squid to reach
> certain sites? I have tried acls to allow the sites and always_direct,
> but the sites are still much much slower going through the 
> proxy. 

always_direct only has an effect if you are using parent caches.  Once Squid sees the traffic, there is no way for it to not be involved.

> These are the chain rules I am using to start:
> ~
> # Redirect to Squid proxy server:
> ipchains -A input -p tcp -s 0/0 -d 0/0 8080 -j DENY -i eth0 -l
> # Bypass for 192.168.1.8/29 range
> ipchains -A input -p tcp -s ! 192.168.1.8/29 -d 0/0 80 -j 
> REDIRECT 8080
> ~ 
> I want to keep the other machines going through the proxy, except let
> 192.168.1.3 bypass the proxy only to get to sportsonline.com. I'm not
> too good with ipchains, can I make another rule to let only 
> this bypass?
> Thanks,
> Bill
> 

I'm not an ipchains expert, but I think that...

ipchains -A input -p tcp -s 192.168.1.3 -d 206.207.85.33 -j ALLOW

...should effectively ignore traffic between that client and that host.  Put this rule in front of the "# Bypass for..." rule.

Chris


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux