I searched a while, but could not find a solution for my specific problem. My local squid (192.168.0.254) queries a parent in a data centre (192.168.50.1). Our DNS-server only has records for 'localdomain', external domains cannot be resolved. The problem is, that you have to configure the browser (e.g. "No proxy for" in Firefox) to bypass the proxy for hosts from localdomain as well as IP-addresses from our net (192.168.0.0/24) for access to the intranet. In order to make it easier, I created to ACLs (local-servers-ip, local-servers-fqdn) and created to 'always_direct' policies. Now forwarding requests to local servers works well, without the need to seperately configure the browser. However, if i request a website (e.g. slashdot.org) it takes about a minute before the page gets loaded. If i remove the "always_direct allow local-servers-ip"-directive, everything gets back to normal speed. Any hints on this one? Attachement: squid.conf (compressed) ------------------------------------ http_port 3128 cache_peer 192.168.50.1 parent 3128 0 no-query default cache_peer_domain 192.168.50.1 !.localdomain hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB maximum_object_size 40960 KB maximum_object_size_in_memory 512 KB cache_dir ufs /var/spool/squid 100 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none dns_retransmit_interval 5 seconds auth_param basic program /usr/lib/squid/smb_auth -W local auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern -i \.(jpg|jpeg|gif|png|mov|avi|swf|flv)$ 10000 95% 99000 ignore-reload override-expire override-lastmod refresh_pattern -i \.(mpg|mpeg|mid|wav|mp3|pdf|doc)$ 10000 95% 99000 ignore-reload override-expire override-lastmod refresh_pattern -i \.(zip|ace|rar|gz|bz2|rpm|exe|xpi)$ 10000 95% 99000 ignore-reload override-expire override-lastmod refresh_pattern -i . 0 15% 3600 request_timeout 1 minutes acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl local-servers-ip dst 192.168.0.0/24 acl local-servers-fqdn dstdomain .localdomain acl to_localhost dst 127.0.0.0/8 acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow password http_reply_access allow all icp_access allow all always_direct allow local-servers-ip always_direct allow local-servers-fqdn never_direct allow all error_directory /usr/share/squid/errors/German strip_query_terms off coredump_dir /var/spool/squid -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
