On 18/01/19 4:28 am, Troiano Alessio wrote: > Hello all, > I'm not able to configure squid for using a parent proxy only for some domain. All the rest should be fetched directly. I tried this configuration: > cache_peer 172.31.3.70 parent 8080 0 no-query default name=HUBATLDB > acl domainAT dstdomain voeazul.com.br > cache_peer_access HUBATLDB allow domainAT > never_direct allow domainAT That is the correct design. It does not work for you because you put the wrong domain name in the domainAT ACL. Look at the log carefully. See how the domain the client is asking for is actually "www.voeazul.com.br". Even a single character difference makes it an entirely different domain name - the "www." bit matters. If you want domainAT to do exact-match then you need to add the www.* sub-domain to the list. Like this: acl domainAT dstdomain voeazul.com.br www.voeazul.com.br Or, you can use a wildcard (start with a '.') to match that domain and all its sub-domains. Like this: acl domainAT dstdomain .voeazul.com.br > > But the site www.voeazul.com.br is fetched direct. This is the access log: > %SQUID-4: 172.31.0.82 59719 [17/Jan/2019:22:55:36 +0800] "CONNECT www.voeazul.com.br:443 HTTP/1.1" www.voeazul.com.br - - "-" 200 - 816 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" TCP_TUNNEL:HIER_DIRECT 23.77.9.57 443 53176 > > Can you help me? > What Squid version are you using? I see config options which are only valid for Squid-3.1 your setup. If you are using an old Squid please try an upgrade, or start planning to do one. There are many security vulnerabilities which affect those very old Squid-3 and some cannot be fixed there, so even versions with LTS security support are vulnerable. Cheers Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
