Search squid archive

Re: squid 5 and parent peers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 
"Alex Rousskov" wrote in message news:7e75c2bf-51db-f8c3-73f0-ba7fca55efcb@xxxxxxxxxxxxxxxxxxxxxxx... 

On 10/9/21 1:46 PM, Markus Moeller wrote:

i try to find a way how squid can "route" all Internet
domains to a default proxy and a subset of well defined domains to the
"special" proxy (and having  "internal" traffic based on IP ranges go
direct)


Assuming the latter conditions overwrite the former ones, the part that
remains unclear is what you want Squid to do when the request does not
match any of the three conditions above. For example, consider a request
that uses an IP address as a destination, and that IP address is not in
the "go direct" range, and its reverse DNS lookup is unsuccessful so
there is no "domain" that the proxy selection rules are based on.
Thank you I am aware of these "edge" cases. Do I assume correctly if an IP use used and no reverse DNS is performed it would forward to the Internet proxy (in my example) 



Another similar question is what should Squid do with domain names that
do not resolve to an IP address. Since Squid is configured to use parent
proxies, Squid could let those proxies try to resolve the domain name,
blindly assuming that the resolution at a parent proxy will not match
one of the "go direct" IPs (a matches would possibly indicate that the
decision to go to a parent proxy was wrong in the first place!).
Did I see correctly acls can be build with regex to handle this ? For now I ignore it. 


The final set of questions deals with HTTPS traffic. For example, if
clients sent HTTPS requests, are you OK with Squid making routing
decisions based on the target of the initial CONNECT request?
Sorry I don't get this. What is different when using CONNECT to a GET in regards to routing ? 




Thank you for spotting the !. I got confused with the combinations of
the never/always direct statement.


Does your test case work after removing that "!"? If not, please share
the updated debugging snippets.



Yes it looks good now. Thank you.



Thank you,

Alex.



Thank you for pointing out the "edge" cases
Markus 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux