[squid-users] Website bypass with always-direct

Amos Jeffries squid3 at treenet.co.nz
Wed Dec 13 17:12:27 UTC 2017


On 14/12/17 05:52, Jorge Bastos wrote:
> Howdy,
> 
> I'm trying to use always-direct, but maybe I'm doing something wrong.
> I have:
> 
> acl local-servers dstdomain www.myweb.eu
> always_direct allow local-servers
> 
> but the website still appears in the logs, and not doing bypass.
> What could I be doing wrong?
> For what I see in the docs it's correct.

Your understanding of the docs is wrong.

Once a message arrives at Squid is *cannot* "bypass the proxy" or 
whatever you want to call it. It MUST be serviced by the proxy.

"always_direct allow ..." tells Squid to always use DIRECT access to the 
origin server IPs indicated in DNS records for the URL being fetched. 
Squid is prohibited from using any cache_peer server connection to 
service that transaction.

Its counterpart is the "never_direct allow ..." which tells Squid DNS 
records MUST NOT be considered, only cache_peer connections are permitted.

If both of those are "denied" (aka both DNS and cache_peer are 
permitted) the prefer_direct setting tells Squid whether to try the 
cache_peer or the DIRECT IPs first.


The cache_peer_access controls which peers (from multiple) are permitted 
(or not) to be used for a given transaction.

Amos


More information about the squid-users mailing list