Re: FW: [squid-users] Bypassing Squid completely for specific domains/IPs

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Sep 2008 23:56:22 +1200

Mike Raath wrote:
> proxy.pac may be an option, but if possible I'd like to keep the zero
> configuration element of a transparent proxy.
>
> Amos - I'm not quite sure how to integrate your suggestion with what I
> had. Bear in mind that the IP address specified in the request could
> be anything from localhost (developer's own box although in this case
> it won't hit the proxy), development server, test server or live
> server. Defining a cache-peer as you have it there assumes everyone
> will be looking at the same box at the same time, which would mean I
> could define the entry in the DNS forwarding, unless I've
> misunderstood you.
>
> I can't do that simply because during a normal dev sprint developers
> would be pointing at a dev server, testers at a test server, and
> product owners/others would be looking at live.
>
> Bear in mind that in almost all cases traffic will be normal browsing
> traffic, and caching is exactly what I want. But in this specific case
> I need to be able to bypass not only the cache, but also the proxy.
> And everyone in the office has a laptop which means that they
> regularly connect to different APs, so setting proxy information
> manually would be a major pain.

The cache_peer_access options in Squid can be used with any of the
request ACL, and cache_peer can have multiple entries.

As long as you can define explicitly who is meant to be going where it
can be written as ACL in squid.conf and the same request from different
people routed anywhere.

May take a little getting your head around the possibilities, but once
you do you will find it an easier way to run things.

Arbitrarily complex:
  ie
   user B it goes to server B no matter the source
   machines in subnet A aways go to server A
   user C from machine D goes to Server B
etc, etc.

add on top external ACL feature, which can pull settings from a database
or arbitrary information source. And you have a real-time plug-n-play
access system for any number of source servers.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Tue Sep 16 2008 - 11:56:26 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 16 2008 - 12:00:03 MDT