On 1/17/19 8:28 AM, Troiano Alessio wrote:
> I'm not able to configure squid for using a parent proxy only for some domain. All the rest should be fetched directly. I tried this configuration:
> cache_peer 172.31.3.70 parent 8080 0 no-query default name=HUBATLDB
> acl domainAT dstdomain voeazul.com.br
> cache_peer_access HUBATLDB allow domainAT
> never_direct allow domainAT

Does turning nonhierarchical_direct off help?

Alex.

> But the site www.voeazul.com.br is fetched direct. This is the access log:
> %SQUID-4: 172.31.0.82 59719 [17/Jan/2019:22:55:36 +0800] "CONNECT www.voeazul.com.br:443 HTTP/1.1" www.voeazul.com.br - - "-" 200 - 816 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" TCP_TUNNEL:HIER_DIRECT 23.77.9.57 443 53176
>
> Can you help me?
>
> Following the full conf:
>
> #
> # Recommended minimum configuration:
> #
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7 # RFC 4193 local private network range
> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
> acl SOC_NET src 172.31.0.0/24 # SOC Network
> acl SMD src 10.30.0.47/32 # SMD Proxy
> acl Proxy_HK src 172.31.2.64/27 # Proxy Hong Kong Network
> ignore_expect_100 on
> acl nocachesite dstdomain /etc/squid/nocachesite.acl
>
> acl SSL_ports port 443
> acl SSL_ports port 8443
> acl SSL_ports port 2096 # INC000000012740
> acl SSL_ports port 9091
> acl SSL_ports port 9444 # INC000000013855
> acl SSL_ports port 6082
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> forwarded_for delete
> tcp_outgoing_address 172.31.2.71 SMD
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access allow manager SOC_NET
> http_access deny manager
>
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
>
> cache_peer 172.31.3.70 parent 8080 0 no-query default name=HUBATLDB
> acl domainAT dstdomain voeazul.com.br
> cache_peer_access HUBATLDB allow domainAT
> never_direct allow domainAT
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
>
> acl PURGE method PURGE
> http_access allow PURGE localhost
> http_access deny PURGE
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> http_port 0.0.0.0:8080
>
> # We recommend you to use at least the following line.
> # migrated automatically by squid-migrate-conf, the original configuration was: hierarchy_stoplist cgi-bin ?
>
> # Uncomment and adjust the following to add a disk cache directory.
> cache_effective_user squid
> cache_effective_group squid
> cache_dir diskd /home/squid 400000 64 512
> cache_mem 4 GB
> maximum_object_size_in_memory 2 MB
> minimum_object_size 0 KB
> maximum_object_size 100 MB
> cache_swap_low 96
> cache_swap_high 97
> memory_replacement_policy lru
> cache_replacement_policy heap LFUDA
> cache deny nocachesite
> cache allow all
> max_filedesc 8192
>
> # Leave coredumps in the first cache dir
> coredump_dir /home/squid
>
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> cache_mgr xxx@xxxxxxx
>
> ### BEGIN LOG FOR SIEM ###
>
> #logformat siem %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh %<a %>p
> #access_log /var/log/squid/access.log siem
> logformat custom_squid %%SQUID-4: %>a %>p [%tl] "%rm %ru HTTP/%rv" %<A %ui %un "%rp" %Hs %mt %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %<a %<p %<lp
> access_log /var/log/squid/rsa/access.log custom_squid
>
> ### END LOG FOR SIEM ###
> dns_v4_first on
> log_icp_queries off
> via off

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
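
Added example, not part of the original thread: a check that scans access-log lines in the custom_squid format quoted above and reports requests for peer-only domains that were logged as HIER_DIRECT. It also models Squid's dstdomain matching, where a value without a leading dot matches only that exact host name and a leading dot also covers subdomains. The function names, the FIRSTUP_PARENT line and the example.org line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Request line and the %Ss:%Sh field of the custom_squid logformat quoted above.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" .* '
    r'(?P<status>[A-Z0-9_]+):(?P<hier>[A-Z0-9_]+) \S+ \S+ \S+$'
)

def dstdomain_match(value, host):
    """Simplified model of dstdomain: only a leading dot also covers subdomains."""
    value, host = value.lower(), host.lower().rstrip(".")
    if value.startswith("."):
        return host == value[1:] or host.endswith(value)
    return host == value

def request_host(method, target):
    """CONNECT logs host:port; other methods log an absolute URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname or ""

def direct_leaks(lines, peer_only):
    """Return (host, status:hierarchy) for peer-only hosts that went HIER_DIRECT."""
    leaks = []
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m or m["hier"] != "HIER_DIRECT":
            continue
        host = request_host(m["method"], m["target"])
        if any(dstdomain_match(v, host) for v in peer_only):
            leaks.append((host, f'{m["status"]}:{m["hier"]}'))
    return leaks

SAMPLE_LOG = [
    # Line taken from the post.
    '%SQUID-4: 172.31.0.82 59719 [17/Jan/2019:22:55:36 +0800] "CONNECT www.voeazul.com.br:443 HTTP/1.1" www.voeazul.com.br - - "-" 200 - 816 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" TCP_TUNNEL:HIER_DIRECT 23.77.9.57 443 53176',
    # Constructed: the same request relayed through the parent peer.
    '%SQUID-4: 172.31.0.82 59720 [17/Jan/2019:22:56:01 +0800] "CONNECT www.voeazul.com.br:443 HTTP/1.1" HUBATLDB - - "-" 200 - 816 "-" "-" TCP_TUNNEL:FIRSTUP_PARENT 172.31.3.70 8080 53177',
    # Constructed: an unrelated site fetched directly, which is the intended behaviour.
    '%SQUID-4: 172.31.0.82 59721 [17/Jan/2019:22:56:09 +0800] "GET http://example.org/ HTTP/1.1" example.org - - "-" 200 text/html 1256 "-" "-" TCP_MISS:HIER_DIRECT 192.0.2.10 80 53178',
]

if __name__ == "__main__":
    # Compare the ACL value as posted with the dotted form.
    for value in ("voeazul.com.br", ".voeazul.com.br"):
        print(value, direct_leaks(SAMPLE_LOG, [value]))
```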