10.11 How Do I ...

New Squid users often ask the same, or similar, questions about getting Squid to forward requests in the right way. Here I'll show you how to configure Squid for some common scenarios.

10.11.1 Send All Requests Through Another Proxy?

You simply need to define a parent and tell Squid it isn't allowed to connect directly to origin servers. For example:

cache_peer parent.host.name parent 3128 0

acl All src 0/0

never_direct allow All

The drawback to this configuration is that Squid can't forward cache misses if the parent goes down. If that happens, your users receive the "cannot forward" error message.

10.11.2 Send All Requests Through Another Proxy Unless It's Down?

Try this configuration:

nonhierarchical_direct off

prefer_direct off

cache_peer parent.host.name parent 3128 0 default no-query

Or, if you'd like to use ICP with the other proxy:

nonhierarchical_direct off

prefer_direct off

cache_peer parent.host.name parent 3128 3130 default

With this configuration, Squid forwards all cache misses to the parent as long as it is alive. Using ICP should cause Squid to detect a dead parent quickly, but at the same time may incorrectly declare the parent dead on occasion.

10.11.3 Make Sure Squid Doesn't Use Neighbors for Some Requests?

Define an ACL to match the special request:

cache_peer parent.host.name parent 3128 0

acl Special dstdomain special.server.name

always_direct allow Special

In this case, cache misses for requests in the special.server.name domain are always sent to the origin server. Other requests may, or may not, go through the parent cache.

10.11.4 Send Some Requests Through a Parent to Bypass Local Filters?

Some ISPs (and other organizations) have upstream providers that force HTTP traffic through a filtering proxy (perhaps with HTTP interception). You might be able to get around their filters if you can use a different proxy beyond their network. Here's how you can send only special requests to the far-away proxy:

cache_peer far-away-parent.host.name parent 3128 0

acl BlockedSites dstdomain www.censored.com

cache_peer_access far-away-parent.host.name allow BlockedSites

never_direct allow BlockedSites


    Appendix A. Config File Reference
     
    ASPTreeView.com
     
    Evaluation has ОНЧ№В·єРУНexpired.
    Info...