Re: [squid-users] ACL problem, can not get never_direct to work.

From: Amos Jeffries <>
Date: Fri, 12 Nov 2010 14:33:26 +1300

On 12/11/10 06:04, Dean Weimer wrote:
> I think I am going nuts, because I can't see what I am doing wrong here, I am trying to send a group of domains through a parent proxy because the proxy forwarding them doesn't have direct access to the websites. These ACL list are before any others in the configuration, but the domains are still trying to go direct.
> # The Parent Configuration
> cache_peer parent 8080 8181 name=PROXY3 no-query no-digest
> #The ACL lines
> acl InternalDNS dstdomain "/usr/local/squid/etc/internal.dns.acl"
> ## Put this in once to verify they above ACL was actually working for the domains
> ## http_access deny InternalDNS
> ## With above uncommented, I got access denied as expected
> ## Here is where I am doing something wrong, that I cannot figure out
> never_direct allow InternalDNS
> always_direct allow !InternalDNS
> cache_peer_access PROXY3 allow InternalDNS
> cache_peer_access PROXY3 deny all

That looks right from the child perspective. always_direct as well as
cache-peer_access denying is a bit of overkill but not too bad.

Use "debug_options 44,3" and see what the peer selection is doing.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for
Received on Fri Nov 12 2010 - 01:33:30 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 12 2010 - 12:00:02 MST