On 12/11/10 06:04, Dean Weimer wrote:
I think I am going nuts, because I can't see what I am doing wrong here, I am trying to send a group of domains through a parent proxy because the proxy forwarding them doesn't have direct access to the websites. These ACL list are before any others in the configuration, but the domains are still trying to go direct. # The Parent Configuration cache_peer 10.50.20.6 parent 8080 8181 name=PROXY3 no-query no-digest #The ACL lines acl InternalDNS dstdomain "/usr/local/squid/etc/internal.dns.acl" ## Put this in once to verify they above ACL was actually working for the domains ## http_access deny InternalDNS ## With above uncommented, I got access denied as expected ## Here is where I am doing something wrong, that I cannot figure out never_direct allow InternalDNS always_direct allow !InternalDNS cache_peer_access PROXY3 allow InternalDNS cache_peer_access PROXY3 deny all
That looks right from the child perspective. always_direct as well as cache-peer_access denying is a bit of overkill but not too bad.
Use "debug_options 44,3" and see what the peer selection is doing. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
