"Kundiger, Rick" wrote: > When adding any text after the "no-query" (ie acl hq_intranet) and so on I > crash on startup.
There is no cache_peer option called hq_intranet, but there is an option called "no-query" which disables the use of ICP. See the cache_peer documentation. > If I separate the lines it starts fine but it doesn't do what I want. > > If I set the proxy to cache_peer proxy.hq.foow.foo.com parent 8080 3120 > proxy-only no-query" I send everything to HQ but still cannot go into the > intranet. What is beeing sent to a peer is controlled by other cache_peer_access, and also always_direct/never_direct. > Well, very strange, if I am sending all requests to HQ proxy (if I set my > proxy to HQ I can get into intranet) I still can't get into intranet. So, > there must be something else blocking me. I think I am going to give up, > call the firewall dorks and have them just add my darn proxy into their > rules to let me in. I hate admitting defeat but I think I may have to in > this case. I don't think you actually sent the requests to the HQ proxy. Not unless you were also using "never_direct allow all". See the "prefer_direct" directive why.. What did you get in your Squids access.log? The hierarchy column tells in detail where a request was sent. Try this configuration: acl hq_intranet dstdomain .hq.foow.foo.com cache_peer proxy.hq.foow.foo.com parent 8080 0 proxy-only no-query cache_peer_access proxy.hq.foow.foo.com allow hq_intranet never_direct allow hq_intranet The above configuration tells that * there is a "hq_intranet" which is any hosts within the hq.foow.foo.com domain. * there is a proxy.hq.foow.foo.com parent * this parent should only be used for the "hq_intranet" * and Squid MUST use a parent to reach "hq_intranet" no matter if it makes sense for caching or not. Regards Henrik
