Re: [squid-users] unproxying intranet from Amos Jeffries on 2009-02-24 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 25 Feb 2009 15:43:22 +1300

squid proxy wrote:
> at my squid 3.0 I have the have the following:
>
> acl intranet dstdomain ^http://192.168.0.5

Will never match dstdomain cannot process sub-domain name "^http://192"

> always_direct allow intranet

Forces all intranet requests through the proxy to perform DNS lookups
and. This is one of _the_ most inefficient ways to do intranet server
access with Squid...

> cache deny intranet

Prevents storage of intranet files on the proxy - increasing load on
network and intranet web servers...

None of that above prevent requests going into and through squid. They
just make squid process them in a very inefficient way. You are saved
only by the invalid sub-domain on your 'intranet' ACL.

The ONLY way to prevent browsers going through a proxy for particular
sites is to configure the browser correctly not to use the proxy for
those sites. (WPAD + proxy/pac has already been suggested to you).

If proxy.pac is truely not an option then the requests will end up going
through the proxy. The best way to handle it it to permit file caching,
and setup a cache_peer + dstdomain ACL, for DNS-free access between the
proxy and the intranet servers.

Amos

>
> Piotr
>
>
> On Tue, Feb 24, 2009 at 2:33 PM, sameer shinde <s9sameer_at_gmail.com> wrote:
>> Hi All,
>>
>> We've configured squid3.0_Stble1 along with squidguard as our proxy server.
>> The server is working fine along with proxing but the problem is out local
>> intranet sites are also being accessed through proxy server, which increases
>> unnecessary load on our proxy.
>> How can I bypass proxy for our local network, so that intranet site will be
>> directly be accessed without proxy server.
>>
>> We've IE & firefox at the client site & we've bypassed the local intranet sites
>> in the LAN configuration option of IE, but somehow it is still going to proxy
>> server.
>>
>> Any highlights?
>>
>>
>> ~~~~~~~~~~~~~~
>> Sameer Shinde.
>> M:- +91 98204 61580
>> Millions saw the apple fall, but Newton was the one who asked why.
>>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.5

Received on Wed Feb 25 2009 - 02:43:03 MST

This archive was generated by hypermail 2.2.0 : Sat Feb 28 2009 - 12:00:02 MST