I think I am going nuts, because I can't see what I am doing wrong here, I am trying to send a group of domains through a parent proxy because the proxy forwarding them doesn't have direct access to the websites. These ACL list are before any others in the configuration, but the domains are still trying to go direct.
# The Parent Configuration cache_peer 10.50.20.6 parent 8080 8181 name=PROXY3 no-query no-digest #The ACL lines acl InternalDNS dstdomain "/usr/local/squid/etc/internal.dns.acl" ## Put this in once to verify they above ACL was actually working for the domains ## http_access deny InternalDNS ## With above uncommented, I got access denied as expected ## Here is where I am doing something wrong, that I cannot figure out never_direct allow InternalDNS always_direct allow !InternalDNS cache_peer_access PROXY3 allow InternalDNS cache_peer_access PROXY3 deny all All sites in the ACL still attempt to go direct instead of forwarding to the parent Squid -k parse shows no errors Squid -k reconfigure was run, Output from the cache.log shows the parent was configured: 2010/11/11 16:43:04| Configuring Parent 10.50.20.6/8080/8181 2010/11/11 16:43:04| Loaded Icons. 2010/11/11 16:43:04| Ready to serve requests. No errors are present after this in the cache.log, but the access.log still shows the sites going direct: 1289494760.992 5408 10.100.10.9 TCP_MISS/000 0 GET http://www.orscheln.com/ - DIRECT/www.orscheln.com - When I had the http_access deny line in to verify the domains were correctly being seen by the acl: 1289493703.745 0 10.100.10.9 TCP_DENIED/403 2540 GET http://www.orscheln.com/ - NONE/- text/html Thanks, Dean Weimer Network Administrator Orscheln Management Co
