[squid-users] How can I forward most requests to another proxy, except a few domains?
Matthew H
Matthew at marrold.co.uk
Mon Aug 28 00:11:54 UTC 2023
> One possible issue is I'm using "intercept" mode, and a router with
> DSTNAT rules to forward requests to the proxy; however some of the
> documents state that NAT must be done on the squid box itself?
I've since remembered this is not quite accurate. I'm using a DNS
server to reply to all requests with the IP address of the squid
proxy.
If something is accessed directly via IP address its DSTNATed to the proxy
Thanks
On Mon, Aug 28, 2023 at 12:28 AM Matthew H <Matthew at marrold.co.uk> wrote:
>
> Hi all,
>
> I'm trying to use squid to proxy requests to another upstream proxy,
> but a few domains should go direct rather than via a proxy.
>
> I've set up squid with a config that I believe should work, but if I
> try to access http://dialup.cutel.net I get a 403 from squid and don't
> see any requests go out to the origin. Everything via the proxy works
> as expected.
>
> One possible issue is I'm using "intercept" mode, and a router with
> DSTNAT rules to forward requests to the proxy; however some of the
> documents state that NAT must be done on the squid box itself?
>
> Thanks
>
> Config below:
>
> #debug_options ALL,2
>
> debug_options ALL,0 85,2 88,2
>
> # ACL definitions
>
> acl localnet src 127.0.0.1
> acl rfc_1918 src 10.0.0.0/8
> acl rfc_1918 src 172.16.0.0/12
> acl rfc_1918 src 192.168.0.0/16
> acl protoweb src 100.80.13.0/24
> acl direct_sites dstdomain dialup.cutel.net
>
> # Listen directives
> http_port 3128
> http_port 0.0.0.0:8080 intercept
>
> # Only allow localhost to access the squid management interface
> http_access allow localhost manager
> http_access deny manager
>
> # Only allow private and Dial-Up clients to connect to proxy
> http_access allow localnet
> http_access allow rfc_1918
> http_access allow protoweb
> http_access allow direct_sites
> http_access deny all
>
> always_direct allow direct_sites
> always_direct deny all
> never_direct deny direct_sites
> never_direct allow all
>
> cache_peer wayback.protoweb.org parent 7851 0 default proxy-only
More information about the squid-users
mailing list