Search squid archive

Re: unproxying intranet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is another way to go directly to local intranet servers, only if you're using transparent proxy, i.e., no proxy configured on the clients' browsers. In this case, you could do an exception to the redirect / dst-nat rule when the dst-ip is from your intranet.

Regards
HASSAN



----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "squid proxy" <squidcache7@xxxxxxxxx>
Cc: "sameer shinde" <s9sameer@xxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, February 25, 2009 08:43
Subject: Re:  unproxying intranet


squid proxy wrote:
at my squid 3.0 I have the have the following:

acl intranet dstdomain ^http://192.168.0.5

Will never match dstdomain cannot process sub-domain name "^http://192";

always_direct allow intranet

Forces all intranet requests through the proxy to perform DNS lookups and. This is one of _the_ most inefficient ways to do intranet server access with Squid...

cache deny intranet

Prevents storage of intranet files on the proxy - increasing load on network and intranet web servers...

None of that above prevent requests going into and through squid. They just make squid process them in a very inefficient way. You are saved only by the invalid sub-domain on your 'intranet' ACL.

The ONLY way to prevent browsers going through a proxy for particular sites is to configure the browser correctly not to use the proxy for those sites. (WPAD + proxy/pac has already been suggested to you).

If proxy.pac is truely not an option then the requests will end up going through the proxy. The best way to handle it it to permit file caching, and setup a cache_peer + dstdomain ACL, for DNS-free access between the proxy and the intranet servers.

Amos


Piotr


On Tue, Feb 24, 2009 at 2:33 PM, sameer shinde <s9sameer@xxxxxxxxx> wrote:
Hi All,

We've configured squid3.0_Stble1 along with squidguard as our proxy server. The server is working fine along with proxing but the problem is out local intranet sites are also being accessed through proxy server, which increases
unnecessary load on our proxy.
How can I bypass proxy for our local network, so that intranet site will be
directly be accessed without proxy server.

We've IE & firefox at the client site & we've bypassed the local intranet sites in the LAN configuration option of IE, but somehow it is still going to proxy
server.

Any highlights?


~~~~~~~~~~~~~~
Sameer Shinde.
M:- +91 98204 61580
Millions saw the apple fall, but Newton was the one who asked why.



--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux