Hi Amos, Here is the squid.conf file: acl localnet src 172.16.0.0/16 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl journals dstdomain "/etc/squid/UPF_LIST.txt" cache_peer proxy-inst.upf.edu parent 9090 0 no-query no-digest default cache_peer_access proxy-inst.upf.edu allow journals always_direct allow journals # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 8881 coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 And this is an extract of the log: [Thu Jun 8 09:47:15 2017].269 57 172.18.2.45 TCP_MISS/200 874 POST http://clients1.google.com/ocsp - HIER_DIRECT/216.58.204.142 application/ocsp-response [Thu Jun 8 09:47:16 2017].128 57 172.18.2.45 TCP_MISS/200 874 POST http://clients1.google.com/ocsp - HIER_DIRECT/216.58.204.142 application/ocsp-response [Thu Jun 8 09:47:16 2017].331 56 172.18.2.45 TCP_MISS/200 874 POST http://clients1.google.com/ocsp - HIER_DIRECT/216.58.204.142 application/ocsp-response [Thu Jun 8 09:47:20 2017].258 111 172.18.2.45 TCP_MISS/200 967 POST http://ocsp.usertrust.com/ - HIER_DIRECT/178.255.83.1 application/ocsp-response [Thu Jun 8 09:47:21 2017].250 56 172.18.2.45 TCP_MISS/200 874 POST http://clients1.google.com/ocsp - HIER_DIRECT/216.58.204.142 application/ocsp-response [Thu Jun 8 09:47:21 2017].459 47 172.18.2.45 TCP_MISS/200 924 POST http://ocsp.digicert.com/ - HIER_DIRECT/93.184.220.29 application/ocsp-response [Thu Jun 8 09:47:23 2017].744 185 172.18.2.45 TCP_MISS/302 615 GET http://wos.fecyt.es/ - HIER_DIRECT/185.79.129.106 text/html [Thu Jun 8 09:47:24 2017].005 104 172.18.2.45 TCP_MISS/200 2067 POST http://ss.symcd.com/ - HIER_DIRECT/23.37.171.27 application/ocsp-response [Thu Jun 8 09:47:25 2017].902 5105 172.18.2.45 TCP_TUNNEL/200 5792 CONNECT www.recursoscientificos.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:27 2017].980 65 172.18.2.45 TCP_MISS/200 924 POST http://ocsp.digicert.com/ - HIER_DIRECT/93.184.220.29 application/ocsp-response [Thu Jun 8 09:47:28 2017].394 211 172.18.2.45 TCP_MISS/200 488 GET http://detectportal.firefox.com/success.txt - HIER_DIRECT/88.221.254.202 text/plain [Thu Jun 8 09:47:28 2017].786 46 172.18.2.45 TCP_MISS/200 924 POST http://ocsp.digicert.com/ - HIER_DIRECT/93.184.220.29 application/ocsp-response [Thu Jun 8 09:47:28 2017].809 8785 172.18.2.45 TCP_TUNNEL/200 54093 CONNECT www.recursoscientificos.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].094 5079 172.18.2.45 TCP_TUNNEL/200 333 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].094 5079 172.18.2.45 TCP_TUNNEL/200 331 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].120 5106 172.18.2.45 TCP_TUNNEL/200 331 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].144 5130 172.18.2.45 TCP_TUNNEL/200 332 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].147 5133 172.18.2.45 TCP_TUNNEL/200 333 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - [Thu Jun 8 09:47:30 2017].374 6567 172.18.2.45 TCP_TUNNEL/200 108115 CONNECT idp.fecyt.es:443 - HIER_DIRECT/185.79.129.106 - As you can see, always is going direct, but when going to idp.fecyt.es should be going through the peer, as the file UPF_LIST.txt has: https://idp.fecyt.es https://idp.fecyt.es/ https://idp.fecyt.es/* among other lines. Regards, -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: martes, 6 de junio de 2017 18:18 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Cache peer help On 07/06/17 02:24, Alejandro Delgado Moreno wrote: > Sorry for this mistake, > > It's: > > acl journals dstdomain "/etc/squid/xx_LIST.txt" > > cache_peer xxx.xxx.xxx.xxx parent 9090 0 no-query no-digest default > > cache_peer_access xxx.xxx.xxx.xxx allow journals > > and it's the same, in both lines. Okay then the issue is something else, those lines in isolation are correct for allowing traffic to use that peer, but there are many other things that may make other routes either required or preferred. So what is the rest of your squid.conf and can you provide a sample of the access.log for the traffic going wrong? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
