Search squid archive

Re: Issue with always_direct and local hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18/11/10 08:35, Chris Gallacher wrote:
Hello,

I am experiencing issues when trying to configure Squid to bypass my
companies parent proxy for local hosts. My configuration is as
follows:

(User Facing Proxy - Squid)<->  (Parent Proxy - Squid)<->  (Parent
Proxy - Websense)

Both of the Squid proxies are running squid-2.7.STABLE8 on Windows
Server 2003 SP2 boxes.

Config file for user facing proxy (Stripped to bare essentials for
troubleshooting):
------------------------------------------------------------------------------------------------------------------
cache_peer parentproxy.mydomain.co.uk parent 8082 0 login=PASS
connection-auth=on
append_domain .mydomain.co.uk

acl all src all
acl localdomain dstdomain .mydomain.co.uk
acl localip dst 10.0.0.0/8

always_direct allow localdomain
always_direct allow localip
never_direct allow all
http_access allow all
-------------------------------------------------------------------------------------------------------------------

When trying to access intranet.mydomain.co.uk I would expect Squid to
match this request with the first, and if not the second, of the
always_direct access lists and connect directly to the internal web
server, presenting me with my companies main intranet page. Instead I
am presented with a Websense "Page cannot be displayed" error,
indicating that the request was in fact forwarded to the Squid parent
proxy and then on to Websense.

As you may have guessed I am new to Squid, and to Proxy servers in
general. If anyone can provide advice regarding where I have went
wrong with my configuration or which debug sections would best help me
to understand how requests are being processed by Squid your
assistance would be greatly appreciated.


That first line should be matching. IIRC "debug_options 28,3 44,3" will tell you what is going on.


You could also use these this instead of your never_direct line:

  cache_peer_access parentproxy.mydomain.co.uk deny localdomain
  cache_peer_access parentproxy.mydomain.co.uk deny localip
  never_direct allow !localdomain !localip

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.9
  Beta testers wanted for 3.2.0.3


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux