[squid-users] squid 5 and parent peers
Markus Moeller
huaraz at moeller.plus.com
Sat Oct 9 23:53:53 UTC 2021
>
>
>"Alex Rousskov" wrote in message
>news:7e75c2bf-51db-f8c3-73f0-ba7fca55efcb at measurement-factory.com...
>
>On 10/9/21 1:46 PM, Markus Moeller wrote:
>> i try to find a way how squid can "route" all Internet
>> domains to a default proxy and a subset of well defined domains to the
>> "special" proxy (and having "internal" traffic based on IP ranges go
>> direct)
>
>Assuming the latter conditions overwrite the former ones, the part that
>remains unclear is what you want Squid to do when the request does not
>match any of the three conditions above. For example, consider a request
>that uses an IP address as a destination, and that IP address is not in
>the "go direct" range, and its reverse DNS lookup is unsuccessful so
>there is no "domain" that the proxy selection rules are based on.
>
Thank you I am aware of these "edge" cases. Do I assume correctly if an IP
use used and no reverse DNS is performed it would forward to the Internet
proxy (in my example)
>Another similar question is what should Squid do with domain names that
>do not resolve to an IP address. Since Squid is configured to use parent
>proxies, Squid could let those proxies try to resolve the domain name,
>blindly assuming that the resolution at a parent proxy will not match
>one of the "go direct" IPs (a matches would possibly indicate that the
>decision to go to a parent proxy was wrong in the first place!).
>
Did I see correctly acls can be build with regex to handle this ? For now I
ignore it.
>The final set of questions deals with HTTPS traffic. For example, if
>clients sent HTTPS requests, are you OK with Squid making routing
>decisions based on the target of the initial CONNECT request?
>
Sorry I don't get this. What is different when using CONNECT to a GET in
regards to routing ?
>
>> Thank you for spotting the !. I got confused with the combinations of
>> the never/always direct statement.
>
>Does your test case work after removing that "!"? If not, please share
>the updated debugging snippets.
>
Yes it looks good now. Thank you.
>
>Thank you,
>
>Alex.
>
>
Thank you for pointing out the "edge" cases
Markus
More information about the squid-users
mailing list