[squid-users] Website bypass with always-direct
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 13 17:12:27 UTC 2017
On 14/12/17 05:52, Jorge Bastos wrote:
> Howdy,
>
> I'm trying to use always-direct, but maybe I'm doing something wrong.
> I have:
>
> acl local-servers dstdomain www.myweb.eu
> always_direct allow local-servers
>
> but the website still appears in the logs, and not doing bypass.
> What could I be doing wrong?
> For what I see in the docs it's correct.
Your understanding of the docs is wrong.
Once a message arrives at Squid is *cannot* "bypass the proxy" or
whatever you want to call it. It MUST be serviced by the proxy.
"always_direct allow ..." tells Squid to always use DIRECT access to the
origin server IPs indicated in DNS records for the URL being fetched.
Squid is prohibited from using any cache_peer server connection to
service that transaction.
Its counterpart is the "never_direct allow ..." which tells Squid DNS
records MUST NOT be considered, only cache_peer connections are permitted.
If both of those are "denied" (aka both DNS and cache_peer are
permitted) the prefer_direct setting tells Squid whether to try the
cache_peer or the DIRECT IPs first.
The cache_peer_access controls which peers (from multiple) are permitted
(or not) to be used for a given transaction.
Amos
More information about the squid-users
mailing list