[squid-users] cache_peer / always_direct / subnet

From: Andre Weidner <peter_lustig_at_gmx.de>
Date: Fri, 28 May 2010 11:28:07 +0200

I searched a while, but could not find a solution for my specific problem.
My local squid (192.168.0.254) queries a parent in a data centre (192.168.50.1). Our DNS server only has records for 'localdomain'; external domains cannot be resolved.
The problem is that you have to configure the browser (e.g. "No proxy for" in Firefox) to bypass the proxy for hosts from localdomain as well as IP addresses from our net (192.168.0.0/24) for access to the intranet. In order to make it easier, I created two ACLs (local-servers-ip, local-servers-fqdn) and created two 'always_direct' policies.
Now forwarding requests to local servers works well, without the need to separately configure the browser. However, if I request a website (e.g. slashdot.org) it takes about a minute before the page gets loaded. If I remove the "always_direct allow local-servers-ip" directive, everything gets back to normal speed. Any hints on this one?

Attachment: squid.conf (compressed)
------------------------------------
http_port 3128
cache_peer 192.168.50.1 parent 3128 0 no-query default
cache_peer_domain 192.168.50.1 !.localdomain
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 40960 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
dns_retransmit_interval 5 seconds
auth_param basic program /usr/lib/squid/smb_auth -W local
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern -i \.(jpg|jpeg|gif|png|mov|avi|swf|flv)$ 10000 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(mpg|mpeg|mid|wav|mp3|pdf|doc)$ 10000 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i \.(zip|ace|rar|gz|bz2|rpm|exe|xpi)$ 10000 95% 99000 ignore-reload override-expire override-lastmod
refresh_pattern -i . 0 15% 3600
request_timeout 1 minutes
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl local-servers-ip dst 192.168.0.0/24
acl local-servers-fqdn dstdomain .localdomain
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow password
http_reply_access allow all
icp_access allow all
always_direct allow local-servers-ip
always_direct allow local-servers-fqdn
never_direct allow all
error_directory /usr/share/squid/errors/German
strip_query_terms off
coredump_dir /var/spool/squid

Received on Fri May 28 2010 - 09:28:16 MDT
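
An added example, not part of the original message or of Squid itself: a small Python check that lists the always_direct / never_direct rules in a squid.conf that reference a `dst` ACL. A `dst` ACL matches the destination IP address, so for a URL that carries a host name Squid has to resolve the name through DNS before it can test the rule, which matters when, as described above, the local DNS server cannot resolve external domains. The sample input is a constructed excerpt of the attached config; the function names are hypothetical.

```python
# ACL types that match on the destination IP address; for a URL that carries
# a host name, Squid has to resolve it through DNS before it can test them.
DNS_DEPENDENT_TYPES = {"dst"}
# Directives consulted when Squid chooses between going direct and using a peer.
ROUTING_DIRECTIVES = {"always_direct", "never_direct"}

# Constructed sample: excerpt of the squid.conf attached to the message above.
SAMPLE_CONF = """\
cache_peer 192.168.50.1 parent 3128 0 no-query default
acl local-servers-ip dst 192.168.0.0/24
acl local-servers-fqdn dstdomain .localdomain
acl all src 0.0.0.0/0.0.0.0
always_direct allow local-servers-ip
always_direct allow local-servers-fqdn
never_direct allow all
"""

def parse_acl_types(conf):
    """Map each ACL name to the set of types it is declared with."""
    types = {}
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 3 and tokens[0] == "acl":
            types.setdefault(tokens[1], set()).add(tokens[2])
    return types

def find_dns_dependent_rules(conf):
    """Return (line_no, directive, acl_name, acl_type) for each routing rule
    whose ACL list includes a DNS-dependent ACL type."""
    acl_types = parse_acl_types(conf)
    findings = []
    for line_no, line in enumerate(conf.splitlines(), start=1):
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 3 or tokens[0] not in ROUTING_DIRECTIVES:
            continue
        for name in tokens[2:]:
            name = name.lstrip("!")  # a negated ACL is still evaluated
            hits = acl_types.get(name, set()) & DNS_DEPENDENT_TYPES
            for acl_type in sorted(hits):
                findings.append((line_no, tokens[0], name, acl_type))
    return findings

if __name__ == "__main__":
    for line_no, directive, name, acl_type in find_dns_dependent_rules(SAMPLE_CONF):
        print(f"line {line_no}: {directive} uses '{name}' ({acl_type}): "
              "needs a DNS lookup of the destination host")
```

On the sample it reports only the `always_direct allow local-servers-ip` rule; the `dstdomain` rule is matched against the host name in the URL and is not flagged.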
