Re: [squid-users] bypassing the proxy for local atomic hostnames

From: Rolf <[email protected]>
Date: Fri, 04 Apr 2003 10:21:14 +1000

Thanks. Still not working. append_domain adds the domain as expected but
still the request is being passed to the upstream cache (outside our net)
which has no knowledge of our hosts, qualified or not.
So always_direct is set as follows

acl local-sites dstdomain .domain.com.au
always_direct allow local-sites

But it makes no difference.

As the always_direct directive is after the proxy-auth directives in
squid.conf, I tried moving it to before that section, so it is now near the
start of the config (I am guessing). No difference.

So immediately after the always_direct I added
http_access allow local-sites

That had the (incidentally desirable) effect of stopping the
username/password prompt occurring when the browser starts, but still the
request was passed to the upstream proxy and failed as before.

I can see that always_direct is the setting but it seems to be being ignored.

Thoughts?

Thanks

Rolf.

>See append_domain and always_direct directives.
>
>Regard
>Henrik
>
>
>Rolf wrote:
> >
> > hello
> >
> > I'm having trouble with configuring squid (2.5stable1) to handle internal,
> > 'intranet' addresses which are not fully qualified.
> >
> > Squid currently is setup to do proxy_auth with active directory group
> > membership as an additional requirement. This is all working fine.
> >
> > When I start the browser it is configured to go to an address of the form
> > http://info/ or http://intranet/dev or similar.
> >
> > Initially it failed with a dns unresolvable error generated bby the
> > upstream (ISP) proxy. Not at all surprising as that cache has no knowledge
> > of our internal dns, where 'info' as a hostname is resolvable.
> >
> > So I tried adjusting the cache config to not let such urls go upstream. In
> > fact I'd just like them to go direct. But this didn't work:
> >
> > acl info url_regex ^http://info/.*
> > always_direct allow info
> >
> > I then tried cache_peer_domain with a !info parameter but then I got an
> > error saying 'unable to forward request at this time', so I don't think
> > that's it.
> >
> > What do I have to set such that unqualified hostnames (and urls that are
> > qualified with our own domain) in urls are sent straight from the proxy to
> > the host specified (a webserver on the same LAN as the proxy)?
> >
> > Is is related that when the browser starts it asks for authentication (a la
> > proxy_auth as above) and once done, ignores the always_direct directive?
> >
> > Many thanks
> >
> > rolf.
Received on Thu Apr 03 2003 - 17:18:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:39 MST