Re: [squid-users] Issue with always_direct and local hosts

From: Amos Jeffries <>
Date: Thu, 18 Nov 2010 21:14:06 +1300

On 18/11/10 08:35, Chris Gallacher wrote:
> Hello,
> I am experiencing issues when trying to configure Squid to bypass my
> companies parent proxy for local hosts. My configuration is as
> follows:
> (User Facing Proxy - Squid)<-> (Parent Proxy - Squid)<-> (Parent
> Proxy - Websense)
> Both of the Squid proxies are running squid-2.7.STABLE8 on Windows
> Server 2003 SP2 boxes.
> Config file for user facing proxy (Stripped to bare essentials for
> troubleshooting):
> ------------------------------------------------------------------------------------------------------------------
> cache_peer parent 8082 0 login=PASS
> connection-auth=on
> append_domain
> acl all src all
> acl localdomain dstdomain
> acl localip dst
> always_direct allow localdomain
> always_direct allow localip
> never_direct allow all
> http_access allow all
> -------------------------------------------------------------------------------------------------------------------
> When trying to access I would expect Squid to
> match this request with the first, and if not the second, of the
> always_direct access lists and connect directly to the internal web
> server, presenting me with my companies main intranet page. Instead I
> am presented with a Websense "Page cannot be displayed" error,
> indicating that the request was in fact forwarded to the Squid parent
> proxy and then on to Websense.
> As you may have guessed I am new to Squid, and to Proxy servers in
> general. If anyone can provide advice regarding where I have went
> wrong with my configuration or which debug sections would best help me
> to understand how requests are being processed by Squid your
> assistance would be greatly appreciated.

That first line should be matching. IIRC "debug_options 28,3 44,3" will
tell you what is going on.

You could also use these this instead of your never_direct line:

   cache_peer_access deny localdomain
   cache_peer_access deny localip
   never_direct allow !localdomain !localip


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for
Received on Thu Nov 18 2010 - 08:14:17 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 18 2010 - 12:00:03 MST