- Linux Networking
- Networking
- Server Software
- Linux
- Network Management
Using Squid to route requests for a specific sites to another proxy
Hi,
We using a Smoothwall Squid proxy. Which is working fine! We have some access rules configured where requests for specific intranet domains are sent to another upstream squid proxy for resolution etc. This worked well for the last three years. However, we now have a request that some specific intranet websites now need to be sent to another proxy for resolution, and this is where I am having issues! The problem is that regardless of what I do, all requests go to the primary server.
Listed below is information on the upstream proxies:
Upstream Proxy 1 is 10.10.10.10
Upstream Proxy 2 is 11.11.11.11
I have the appropriate acls setup on the local SQUID proxy. They are listed in the code window below.
As you can see the "specific sites" are subsets of the .net.local domain and hence Squid is therefore sending the requests the primary server. If I remove .net.local from the allsites.acl file, then it gets routed to the second proxy. But then, all other .net.local sites requests cause the local SQUID proxy to connect directly to intranet site in question instead of sending it to the upstream proxy.
So I still need all other .net.local sites to go via proxy 1.
Does anybody have an idea on how I can achieve that so that only the specific sites go to proxy 2?
I have tried the urldom_regex option but I get the same results.
We using a Smoothwall Squid proxy. Which is working fine! We have some access rules configured where requests for specific intranet domains are sent to another upstream squid proxy for resolution etc. This worked well for the last three years. However, we now have a request that some specific intranet websites now need to be sent to another proxy for resolution, and this is where I am having issues! The problem is that regardless of what I do, all requests go to the primary server.
Listed below is information on the upstream proxies:
Upstream Proxy 1 is 10.10.10.10
Upstream Proxy 2 is 11.11.11.11
I have the appropriate acls setup on the local SQUID proxy. They are listed in the code window below.
As you can see the "specific sites" are subsets of the .net.local domain and hence Squid is therefore sending the requests the primary server. If I remove .net.local from the allsites.acl file, then it gets routed to the second proxy. But then, all other .net.local sites requests cause the local SQUID proxy to connect directly to intranet site in question instead of sending it to the upstream proxy.
So I still need all other .net.local sites to go via proxy 1.
Does anybody have an idea on how I can achieve that so that only the specific sites go to proxy 2?
I have tried the urldom_regex option but I get the same results.
#allsites upstream proxy
cache_peer 10.10.10.10 parent 8080 0 default no-query login=PASS connect-timeout=30 originserver connection-auth=auto http11
acl allsites dstdom_regex "/var/smoothwall/proxy/advanced/acls/allsites.acl"
never_direct allow allsites.acl
cache_peer_access 10.10.10.10 allow allsites
#specific sites upstream proxy
cache_peer 11.11.11.11 parent 8080 0 no-query login=PASS connect-timeout=30 originserver connection-auth=auto http11
acl allsites dstdom_regex "/var/smoothwall/proxy/advanced/acls/specificsites.acl"
never_direct allow specificsites.acl
cache_peer_access 11.11.11.11 allow specificsites
listing of the allsites.acl file
.net.local
.com
.co.uk
listing of the specificsites.acl file
site.net.local
site4.net.local
Have You tried putting "cache_peer 11.11.11.11" definitions before #allsites? Maybe squid processes them one by one terminating at first match.
I also reccomend matching domaind case-insensitive - option -i
I also reccomend matching domaind case-insensitive - option -i
Hi Ravenpl,
I could never understand what the -i option was! Thanks, will implement that!
I did try to put the he #specificsites before the #allsites (thinking it would work) but it didn't. Thats when I gave up and thought I need expert knowledge on this!
Any other ideas I could try?
Thanks
I could never understand what the -i option was! Thanks, will implement that!
I did try to put the he #specificsites before the #allsites (thinking it would work) but it didn't. Thats when I gave up and thought I need expert knowledge on this!
Any other ideas I could try?
Thanks
-
![]()
received a Solution
Squid 3.0 proxy redirect to another proxy based on domain, with different credentials -
![]()
wrote an Article
How to build your NTP Server Farm with CentOS -
![]()
created a Video
![]()
How to Monitor Bandwidth using SNMP or WMI using PRTG Network Monitor
-
Explore Cloud Class® ![]()
Certification: CCNA Cisco Certified Network Associate - Interconnecting Cisco Networking Devices Part 2
Premium Content
You need an Expert Office subscription to comment.Start Free Trial