Re: [squid-users] Help getting squid configured

From: Joe Cooper <joe@dont-contact.us>
Date: Fri, 23 Aug 2002 13:55:18 -0500

You say, "I know this is true", and then proceed to say that you want a
magical solution anyway.

Again, Squid is operating at the application layer. You /cannot/ do
what you're asking within Squid--you /can/ do what you're asking by
allowing clients (or causing clients) to bypass Squid for that one site.
I'm sorry you need to access a site that won't allow proxied
connections--if you need to proxy all connections, and access this site,
you'll need to take it up with maintainers of the problem site. Squid
cannot accept the connection, and then not be a proxy--when Squid
accepts that connection the proxy is already in the path, and all Squid
could ever do would be to close the connection or make the request on
behalf of the client. Closing the connection will cause an error,
making the request means the request is proxied.

Let's review:

Squid is an application level proxy.

Squid can either proxy the request or close the connection. It cannot
route the request untouched because it has already conversed with the
client by the time the request is known.

If a site cannot be proxied, then you need to get the proxy out of the
loop for that site. A proxy proxies, it doesn't route.

Them's the breaks, Chris. You've already mentioned the solution:
"Otherwise, I will have to have a special exception added to the
firewall"...Yep, that's what you have to do. Or not use the site that
won't allow proxied clients to use it (or talk them into fixing their
site--proxies are a legitimate part of the internet, and the person that
ought to be dealing with this problem is the maintainer of the site that
won't allow a proxy to access it).

ChrisHoover@safety-kleen.com wrote:
> I know this is true, but what I really need to have happen is when squid
> gets request for the TROUBLE site to just send the requests straight to
> the site. I really need to have all requests come through the squid
> server since that is the company direction. Otherwise, I will have to have
> a special exception added to the firewall since no web request can get out
> w/o going through the proxy.
>
> So, is there a way to setup a rule that says if request is going to site x
> don't "mess" with it just send it on?
>
> Thanks,
>
> Chris
>
> Joe Cooper <joe@swelltech.com>
> 08/23/2002 02:00 PM
>
>
> To: ChrisHoover@safety-kleen.com, squid-users@squid-cache.org
> cc:
> Subject: Re: [squid-users] Help getting squid configured
>
>
> First point: Squid can never be configured to not proxy something--once
> the packet hits Squid, it can only proxy it. So if you need a direct
> client->server connection, you need to make the client bypass Squid. To
> be more verbose, Squid is an application level proxy and as such it
> doesn't have the option to 'not bother the requests', it can either
> accept the connection or refuse it, neither of which is what you're
> asking for. If it accepts the request it has to proxy it--it can't
> reinject it back into the routing path without making a new request
> itself (which 'bothers' the request).
>
> Solutions: If running an interception proxy, add a bypass rule to
> either your router (if using WCCP) or your proxy OS rules (if using OS
> port redirection). If running a traditional proxy, add the site to the
> list of sites that aren't retrieved through the proxy (this is in the
> browser configuration somewhere).
>
> ChrisHoover@safety-kleen.com wrote:
>
>>I need some help, I submitted a problem the other day and have not gotten
>>any responses (e-mail Help with problem site). Anyway, this site is
>>giving me fits and I need help getting squid configured to not bother
>>requests to this site and to cleanly pass the packets back and forth
>>between the end user and the site. Can someone please help me get this
>>configured.
>>
>>I'm running 2.4-STABLE7 on Redhat Linux 7.1.
>>
>>Thanks,
>>
>>Chris

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
Received on Fri Aug 23 2002 - 12:58:45 MDT
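
Added example (not part of the original thread, and not Squid's own code): for a traditional proxy, one way to keep a per-site bypass list in the browser configuration is a proxy auto-config (PAC) file like the sketch below. The hostnames, the proxy address and the helper names are assumptions, and as the thread notes, the DIRECT route only works once the firewall allows that destination.

```javascript
// Added example: proxy auto-config (PAC) logic for a per-site proxy bypass.
// All hostnames and the proxy address are constructed placeholders.

var PROXY = "PROXY proxy.example.internal:3128"; // assumed Squid listener
var BYPASS_HOSTS = ["trouble.example.com"];       // stands in for the problem site

// Normalise a host for comparison: lower-case, drop a trailing root dot.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

// True only for a listed host itself or a subdomain of it. Matching on a
// label boundary keeps look-alike names (e.g. "nottrouble.example.com" or
// "trouble.example.com.other.test") on the proxied path.
function isBypassed(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < BYPASS_HOSTS.length; i++) {
    var b = BYPASS_HOSTS[i];
    if (h === b) return true;
    var suffix = "." + b;
    if (h.length > suffix.length &&
        h.indexOf(suffix, h.length - suffix.length) !== -1) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isBypassed(host)) {
    return "DIRECT"; // client connects itself; the proxy never sees it
  }
  // No DIRECT fallback: if the proxy is unreachable the request fails
  // instead of silently leaving the network unproxied.
  return PROXY;
}
```

Keeping the bypass list to exact hosts and their subdomains limits the firewall exception to the one site that cannot be proxied.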
