squid never_direct to certain domain and computer

Question

I need configuration squid proxy server to redirect one ip (one user) to parent proxy, also certain domain. My configuration at now :

acl vkdomain dstdomain vkontakte\.ru vk\.ru vk\.com \.vk\.com
    #http_access allow 192.168.35.145 vk
    #http_access allow 192.168.35.146 vk cache_peer 192.168.32.1 parent 9999 proxy-only
 acl vkuser src 192.168.35.145 never_direct allow vkuser vkdomain

on 192.168.32.1 regular hardware router like

score 0 · Accepted Answer · answered Feb 22 '16 at 18:23

There's a great mess in your head. You probably need a spoon to stir it.

First of all, your understanding of squid ACL couldn't be worse. No need to escape non-regexp ACLs:

acl vkdomain dstdomain .vkontakte.ru
acl vkdomain dstdomain .vk.ru 
acl vkdomain dstdomain .vk.com

I'll skip the definition of a parent proxy - this would be your homework. After all, I just cannot configure it - you didn't provide any detail.

acl vkuser src 192.168.35.145/32

The most important part: never_direct should be always combined with always_direct.

always_direct deny vkdomain vkuser
always_direct allow all
never_direct allow vkdomain vkuser
never_direct deny all

And for God's sake, stop using user-to-IP binding, start using authentication. Bind users to their usernames instead. Your approach is insecure and easily overrideable.

Big thank you for answer! I fix it, thank you again – Maksim Kharebov Feb 24 '16 at 12:04 — Maksim Kharebov, Feb 24 '16 at 12:04

squid never_direct to certain domain and computer

1 Answers1