Re: FW: [squid-users] Bypassing Squid completely for specific domains/IPs

From: Michael Alger <squid_at_mm.quex.org>
Date: Tue, 16 Sep 2008 19:13:35 +0800

On Mon, Sep 15, 2008 at 03:30:37PM +0200, Mike Raath wrote:
> proxy.pac may be an option, but if possible I'd like to keep the
> zero configuration element of a transparent proxy.

The best solution is to bypass your interception completely for
those particular servers (based on their IP). Is this an option? How
are you doing the interception at present, e.g. netfilter REDIRECT
or WCCP or...? You should be able to prevent certain traffic from
being redirected to squid in the first place.

> Amos - I'm not quite sure how to integrate your suggestion with
> what I had. Bear in mind that the IP address specified in the
> request could be anything from localhost (developer's own box
> although in this case it won't hit the proxy), development server,
> test server or live server. Defining a cache-peer as you have it
> there assumes everyone will be looking at the same box at the same
> time, which would mean I could define the entry in the DNS
> forwarding, unless I've misunderstood you.
>
> I can't do that simply because during a normal dev sprint
> developers would be pointing at a dev server, testers at a test
> server, and product owners/others would be looking at live.

Did you see my reply, which is basically an extension of Amos'
method? So long as the servers have fixed IPs and there aren't too
many of them that could work. But I'd really try to bypass the
interception if at all possible, because it would be a lot simpler
to manage long-term.

I don't think squid has any options to use the IP the client
originally connected to. I'm not even sure if squid is ever actually
aware of what that IP is.
Received on Tue Sep 16 2008 - 11:13:39 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 16 2008 - 12:00:03 MDT