On 12/11/10 06:04, Dean Weimer wrote:
I think I am going nuts, because I can't see what I am doing wrong here, I am
trying to send a group of domains through a parent proxy because the proxy
forwarding them doesn't have direct access to the websites. These ACL list are
before any others in the configuration, but the domains are still trying to go
direct.
# The Parent Configuration
cache_peer 10.50.20.6 parent 8080 8181 name=PROXY3 no-query no-digest
#The ACL lines
acl InternalDNS dstdomain "/usr/local/squid/etc/internal.dns.acl"
## Put this in once to verify they above ACL was actually working for the
domains
## http_access deny InternalDNS
## With above uncommented, I got access denied as expected
## Here is where I am doing something wrong, that I cannot figure out
never_direct allow InternalDNS
always_direct allow !InternalDNS
cache_peer_access PROXY3 allow InternalDNS
cache_peer_access PROXY3 deny all
That looks right from the child perspective. always_direct as well as
cache-peer_access denying is a bit of overkill but not too bad.
Use "debug_options 44,3" and see what the peer selection is doing.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
