Re: unproxying intranet

["Nyamul Hassan" <mnhassan@xxxxxxx>]

There is another way to go directly to local intranet servers, only if 
you're using transparent proxy, i.e., no proxy configured on the clients' 
browsers.  In this case, you could do an exception to the redirect / dst-nat 
rule when the dst-ip is from your intranet.

Regards
HASSAN



----- Original Message ----- 
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "squid proxy" <squidcache7@xxxxxxxxx>
Cc: "sameer shinde" <s9sameer@xxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, February 25, 2009 08:43
Subject: Re:  unproxying intranet


> squid proxy wrote:
> > at my squid 3.0 I have the have the following:
> >
> > acl intranet dstdomain ^http://192.168.0.5
>
> Will never match dstdomain cannot process sub-domain name "^http://192";
>
> > always_direct allow intranet
>
> Forces all intranet requests through the proxy to perform DNS lookups and. 
> This is one of _the_ most inefficient ways to do intranet server access 
> with Squid...
>
> > cache deny intranet
>
> Prevents storage of intranet files on the proxy - increasing load on 
> network and intranet web servers...
>
> None of that above prevent requests going into and through squid. They 
> just make squid process them in a very inefficient way. You are saved only 
> by the invalid sub-domain on your 'intranet' ACL.
>
> The ONLY way to prevent browsers going through a proxy for particular 
> sites is to configure the browser correctly not to use the proxy for those 
> sites. (WPAD + proxy/pac has already been suggested to you).
>
> If proxy.pac is truely not an option then the requests will end up going 
> through the proxy. The best way to handle it it to permit file caching, 
> and setup a cache_peer + dstdomain ACL, for DNS-free access between the 
> proxy and the intranet servers.
>
> Amos
>
> > Piotr
> >
> >
> > On Tue, Feb 24, 2009 at 2:33 PM, sameer shinde <s9sameer@xxxxxxxxx> 
> > wrote:
> > > Hi All,
> > >
> > > We've configured squid3.0_Stble1 along with squidguard as our proxy 
> > > server.
> > > The server is working fine along with proxing but the problem is out 
> > > local
> > > intranet sites are also being accessed through proxy server, which 
> > > increases
> > > unnecessary load on our proxy.
> > > How can I bypass proxy for our local network, so that intranet site will 
> > > be
> > > directly be accessed without proxy server.
> > >
> > > We've IE & firefox at the client site & we've bypassed the local 
> > > intranet sites
> > > in the LAN configuration option of IE, but somehow it is still going to 
> > > proxy
> > > server.
> > >
> > > Any highlights?
> > >
> > >
> > > ~~~~~~~~~~~~~~
> > > Sameer Shinde.
> > > M:- +91 98204 61580
> > > Millions saw the apple fall, but Newton was the one who asked why.
>
>
> --
> Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
>   Current Beta Squid 3.1.0.5