We help IT Professionals succeed at work.

Using Squid to route requests for a specific sites to another proxy

za_mkh asked

We using a Smoothwall Squid proxy. Which is working fine! We have some access rules configured where requests for specific intranet domains are sent to another upstream squid proxy for resolution etc. This worked well for the last three years. However, we now have a request that some specific intranet websites now need to be sent to another proxy for resolution, and this is where I am having issues!  The problem is that regardless of what I do, all requests go to the primary server.

Listed below is information on the upstream proxies:

Upstream Proxy 1 is
Upstream Proxy 2 is

I have the appropriate acls setup on the local SQUID proxy. They are listed in the code window below.

As you can see the "specific sites" are subsets of the .net.local domain and hence Squid is therefore sending the requests the primary server. If I remove .net.local from the allsites.acl file, then it gets routed to the second proxy. But then, all other .net.local sites requests cause the local SQUID proxy to connect directly to intranet site in question instead of sending it to the upstream proxy.

So I still need all other .net.local sites to go via proxy 1.

Does anybody have an idea on how I can achieve that so that only the specific sites go to proxy 2?

I have tried the urldom_regex option but I get the same results.
#allsites upstream proxy
cache_peer parent 8080 0 default no-query login=PASS connect-timeout=30 originserver connection-auth=auto http11
acl allsites dstdom_regex "/var/smoothwall/proxy/advanced/acls/allsites.acl"
never_direct allow allsites.acl
cache_peer_access allow allsites

#specific sites upstream proxy
cache_peer parent 8080 0 no-query login=PASS connect-timeout=30 originserver connection-auth=auto http11
acl allsites dstdom_regex "/var/smoothwall/proxy/advanced/acls/specificsites.acl"
never_direct allow specificsites.acl
cache_peer_access allow specificsites

listing of the allsites.acl file

listing of the specificsites.acl file

Open in new window

Watch Question

Top Expert 2005

Have You tried putting "cache_peer" definitions before #allsites? Maybe squid processes them one by one terminating at first match.

I also reccomend matching domaind case-insensitive - option -i
za_mkhIT Manager


Hi Ravenpl,

I could never understand what the -i option was! Thanks, will implement that!

I did try  to put the he #specificsites before the  #allsites (thinking it would work) but it didn't. Thats when I gave up and thought I need expert knowledge on this!

Any other ideas I could try?

Top Expert 2005
Isn't it as simple as denying specificsites to access cache_peer ?

cache_peer_access deny specificsites
cache_peer_access allow allsites
za_mkhIT Manager


Ah .. good idea .. I will try that and get back to you!
za_mkhIT Manager


The only way it worked was to put the "specificsites" ACL config before the "allsites" ACL config, and then to put the deny ACL string the for the allsites ACL config!

Thanks for your help! Really appreciated.