Re: [squid-users] Follow up question from Wiki... "how do I configure Squid not to cache a specific server?" from Amos Jeffries on 2009-05-08 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 09 May 2009 13:42:14 +1200

Cdrack wrote:
> Hi Amos,
> Could you please explain what should by placed instead of ¨squid¨?

-A squid is a local custom chain name in my iptables.

It's created by:
iptables -t nat -N squid
iptables -t nat -A PREROUTING --protocol tcp --dport 80 -j squid

> I ran this
> iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
> But i get this message:
> iptables: No chain/target/match by that name
>
> Seems to me that the ¨-A squid¨ part is what is not working for me.
>
> I have the exact same problem as the guy that opened this thread.
>> If I understand you correctly you want requests sent to a particular site
>> not even to enter Squid yes?
>
> This is correct for me, i want to allow the browser to retrieve the website
> without passing thru squid.
>
> Tnx for your prompt reply.
>
>
> Amos Jeffries-2 wrote:
>>> Hi Folks,
>>>
>>> I need a specific site to completely bypass my squid cache due to a
>>> broken
>>> external webapp.
>>>
>>> I have read the section "how do I configure Squid not to cache a specific
>>> server?" from the wiki, which I can implement with no issues, but what I
>>> am not sure is what this will actually do :)
>>>
>>> Will this allow traffic to pass through squid without caching it, or will
>>> this block the site for users?
>> The bit that says to configure "cache deny" ?
>> Simply prevents storage of the request/reply objects as they go through
>> Squid.
>>
>> If I understand you correctly you want requests sent to a particular site
>> not even to enter Squid yes? once they enter squid there is no bypassing,
>> so it must be done at the firewall.
>> For such sites I use a custom chain a bit like this to decide of the
>> request is intercepted or not (all the lines ending in ACCEPT, are not
>> intercepted):
>> iptables -t nat -A squid -s 10.0.0.1 -j ACCEPT
>> ...
>> iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
>>
>> You want something like:
>> iptables -t nat -A squid -d ip-of-website-to-permit -j ACCEPT
>> in your list of bypasses.
>>
>> Amos
>>
>>
>>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7

Received on Sat May 09 2009 - 01:42:22 MDT

This archive was generated by hypermail 2.2.0 : Sun May 10 2009 - 12:00:01 MDT