Re: [squid-users] Issue with always_direct and local hosts

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Nov 2010 21:14:06 +1300

On 18/11/10 08:35, Chris Gallacher wrote:
> Hello,
>
> I am experiencing issues when trying to configure Squid to bypass my
> company's parent proxy for local hosts. My configuration is as
> follows:
>
> (User Facing Proxy - Squid)<-> (Parent Proxy - Squid)<-> (Parent
> Proxy - Websense)
>
> Both of the Squid proxies are running squid-2.7.STABLE8 on Windows
> Server 2003 SP2 boxes.
>
> Config file for user facing proxy (Stripped to bare essentials for
> troubleshooting):
> ------------------------------------------------------------------------------------------------------------------
> cache_peer parentproxy.mydomain.co.uk parent 8082 0 login=PASS connection-auth=on
> append_domain .mydomain.co.uk
>
> acl all src all
> acl localdomain dstdomain .mydomain.co.uk
> acl localip dst 10.0.0.0/8
>
> always_direct allow localdomain
> always_direct allow localip
> never_direct allow all
> http_access allow all
> -------------------------------------------------------------------------------------------------------------------
>
> When trying to access intranet.mydomain.co.uk I would expect Squid to
> match this request with the first, and if not the second, of the
> always_direct access lists and connect directly to the internal web
> server, presenting me with my company's main intranet page. Instead I
> am presented with a Websense "Page cannot be displayed" error,
> indicating that the request was in fact forwarded to the Squid parent
> proxy and then on to Websense.
>
> As you may have guessed I am new to Squid, and to Proxy servers in
> general. If anyone can provide advice regarding where I have gone
> wrong with my configuration or which debug sections would best help me
> to understand how requests are being processed by Squid your
> assistance would be greatly appreciated.

That first line should be matching. IIRC "debug_options 28,3 44,3" will
tell you what is going on.

You could also use these instead of your never_direct line:

   cache_peer_access parentproxy.mydomain.co.uk deny localdomain
   cache_peer_access parentproxy.mydomain.co.uk deny localip
   never_direct allow !localdomain !localip

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Thu Nov 18 2010 - 08:14:17 MST
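
An added example, not part of the original thread and not Squid's own code: a small Python model of how the always_direct and never_direct lists quoted above are evaluated, for both the posted never_direct line and the suggested replacement. The function names, sample hosts and IP addresses are constructed for illustration, and the model assumes first-match-wins rules, ANDed ACLs on one line, and a default of the opposite of the last rule when nothing matches.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")

# ACL names taken from the posted config; the matchers are a constructed model.
ACLS = {
    "all": lambda host, ip: True,
    # dstdomain .mydomain.co.uk matches the domain itself and any subdomain
    "localdomain": lambda host, ip: host.lower() == "mydomain.co.uk"
    or host.lower().endswith(".mydomain.co.uk"),
    # dst matches the resolved destination IP; no match if resolution failed
    "localip": lambda host, ip: ip is not None
    and ipaddress.ip_address(ip) in LOCAL_NET,
}

def check(rules, host, ip):
    """Return 'allow' or 'deny' for an access list (list of (action, [acl, ...]))."""
    for action, names in rules:
        # Every ACL on the line must match; a leading '!' negates the ACL.
        if all(ACLS[n.lstrip("!")](host, ip) != n.startswith("!") for n in names):
            return action
    # Assumption: with no matching line, the opposite of the last action applies.
    return "deny" if rules[-1][0] == "allow" else "allow"

def route(always_direct, never_direct, host, ip):
    """always_direct is consulted first, then never_direct."""
    if check(always_direct, host, ip) == "allow":
        return "direct"
    if check(never_direct, host, ip) == "allow":
        return "parent"
    return "either"  # neither list forces a path

ALWAYS_DIRECT = [("allow", ["localdomain"]), ("allow", ["localip"])]
NEVER_DIRECT_POSTED = [("allow", ["all"])]
NEVER_DIRECT_SUGGESTED = [("allow", ["!localdomain", "!localip"])]

if __name__ == "__main__":
    samples = [  # constructed sample requests: (host, resolved IP)
        ("intranet.mydomain.co.uk", "10.1.2.3"),
        ("www.example.com", "93.184.216.34"),
        ("10.20.30.40", "10.20.30.40"),
    ]
    for host, ip in samples:
        print(host,
              route(ALWAYS_DIRECT, NEVER_DIRECT_POSTED, host, ip),
              route(ALWAYS_DIRECT, NEVER_DIRECT_SUGGESTED, host, ip))
```

If a request for an internal name is reported as going to the parent while this model says "direct", compare the ACL match results in the debug output mentioned above against the host name and resolved address the proxy actually saw.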
