Re: [squid-users] Follow up question from Wiki... "how do I configure Squid not to cache a specific server?"

From: Cdrack <cdrackgt_at_yahoo.com>
Date: Sat, 9 May 2009 11:28:38 -0700 (PDT)

Tnx for the reply, I will test it. I just have one more question.

My setup is like this. On my proxy server, i have eth0 connected to the
internet and eth1 connected to the Lan.

My question is, if the request for the website comes from my local Lan and
the iptables rule is intented to not allow squid to intercept that
particular website request, how is the web request handlled? How the request
comming from eth1 will make its way to eth0 ---> website ---> and reply back
to eth0 and send that back to the user in the eth1 network.?

As i said i have not tested this yet, but i would like to understand a
little about how this works.

Tnx for the help.

Amos Jeffries-2 wrote:
>
> Cdrack wrote:
>> Hi Amos,
>> Could you please explain what should by placed instead of ¨squid¨?
>
> -A squid is a local custom chain name in my iptables.
>
> It's created by:
> iptables -t nat -N squid
> iptables -t nat -A PREROUTING --protocol tcp --dport 80 -j squid
>
>
>> I ran this
>> iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
>> But i get this message:
>> iptables: No chain/target/match by that name
>>
>> Seems to me that the ¨-A squid¨ part is what is not working for me.
>>
>> I have the exact same problem as the guy that opened this thread.
>>> If I understand you correctly you want requests sent to a particular
>>> site
>>> not even to enter Squid yes?
>>
>> This is correct for me, i want to allow the browser to retrieve the
>> website
>> without passing thru squid.
>>
>> Tnx for your prompt reply.
>>
>>
>> Amos Jeffries-2 wrote:
>>>> Hi Folks,
>>>>
>>>> I need a specific site to completely bypass my squid cache due to a
>>>> broken
>>>> external webapp.
>>>>
>>>> I have read the section "how do I configure Squid not to cache a
>>>> specific
>>>> server?" from the wiki, which I can implement with no issues, but what
>>>> I
>>>> am not sure is what this will actually do :)
>>>>
>>>> Will this allow traffic to pass through squid without caching it, or
>>>> will
>>>> this block the site for users?
>>> The bit that says to configure "cache deny" ?
>>> Simply prevents storage of the request/reply objects as they go through
>>> Squid.
>>>
>>> If I understand you correctly you want requests sent to a particular
>>> site
>>> not even to enter Squid yes? once they enter squid there is no
>>> bypassing,
>>> so it must be done at the firewall.
>>> For such sites I use a custom chain a bit like this to decide of the
>>> request is intercepted or not (all the lines ending in ACCEPT, are not
>>> intercepted):
>>> iptables -t nat -A squid -s 10.0.0.1 -j ACCEPT
>>> ...
>>> iptables -t nat -A squid -j DNAT --to-destination 10.0.0.1:81
>>>
>>> You want something like:
>>> iptables -t nat -A squid -d ip-of-website-to-permit -j ACCEPT
>>> in your list of bypasses.
>>>
>>> Amos
>>>
>>>
>>>
>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
> Current Beta Squid 3.1.0.7
>
>

-- 
View this message in context: http://www.nabble.com/Follow-up-question-from-Wiki...-%22how-do-I-configure-Squid-not-to-cache-a-specific-server-%22-tp23407536p23463186.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Sat May 09 2009 - 18:28:41 MDT

This archive was generated by hypermail 2.2.0 : Sun May 10 2009 - 12:00:01 MDT