[squid-users] Website bypass with always-direct

Jorge Bastos mysql.jorge at decimal.pt
Wed Dec 13 23:10:39 UTC 2017


On 2017-12-13 17:12, Amos Jeffries wrote:

> On 14/12/17 05:52, Jorge Bastos wrote: 
> 
>> Howdy,
>> 
>> I'm trying to use always-direct, but maybe I'm doing something wrong.
>> I have:
>> 
>> acl local-servers dstdomain www.myweb.eu [1]
>> always_direct allow local-servers
>> 
>> but the website still appears in the logs, and not doing bypass.
>> What could I be doing wrong?
>> For what I see in the docs it's correct.
> 
> Your understanding of the docs is wrong.
> 
> Once a message arrives at Squid is *cannot* "bypass the proxy" or whatever you want to call it. It MUST be serviced by the proxy.
> 
> "always_direct allow ..." tells Squid to always use DIRECT access to the origin server IPs indicated in DNS records for the URL being fetched. Squid is prohibited from using any cache_peer server connection to service that transaction.
> 
> Its counterpart is the "never_direct allow ..." which tells Squid DNS records MUST NOT be considered, only cache_peer connections are permitted.
> 
> If both of those are "denied" (aka both DNS and cache_peer are permitted) the prefer_direct setting tells Squid whether to try the cache_peer or the DIRECT IPs first.
> 
> The cache_peer_access controls which peers (from multiple) are permitted (or not) to be used for a given transaction.

hi Amos, 

sorry for the dup, it was my fantastic email client fault (outlook
2016). 

Ok, so what would be the directive to allow what i want to achieve? I've
been trying and having no success, 

 

Links:
------
[1] http://www.myweb.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171213/df4d0f35/attachment.html>


More information about the squid-users mailing list