У меня в настоящее время установлен Squid v3.5.20 на виртуальной машине Centos7. Прокси работает хорошо и блокирует все на ACL блока. Моя проблема идет с файлом PA C. Я хочу обойти прокси для определенных сайтов с файлом PA C путем возврата "DIRECT" ;. Все URL, которые находятся в файле PA C для прямого возврата, все еще проходят через прокси и блокируются. Любые идеи о том, что не так?
PA C файл ниже
function FindProxyForURL(url, host) {
// If the hostname matches the domains below, send direct (bypass proxy).
if (dnsDomainIs(host, ".user.global.local"))
return "DIRECT";
// If the URL matches, send direct.
if (shExpMatch(url, "http://*.gotomeeting.com/*") ||
shExpMatch(url, "https://*.gotomeeting.com/*") ||
shExpMatch(url, "https://maps.google.com/*") ||
shExpMatch(url, "https://www.google.com/maps*") ||
shExpMatch(url, "http://maps.google.com/*") ||
shExpMatch(url, "http://www.google.com/maps*") ||
shExpMatch(url, "http://www.google.com/maps/*") ||
shExpMatch(url, "https://www.google.com/maps/*"))
return "DIRECT";
// If the requested website is hosted within the internal network, send direct.
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
else{
return "PROXY 192.168.1.100:3128"}
}
Squid config
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
#acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
#acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#__________________________________________________________________________________
# Custom ACL DOMAINS Block Lists
#__________________________________________________________________________________
#__________________________________________________________________________________
# Custom ACL Lists
#__________________________________________________________________________________
acl block_manuallist dstdomain "/etc/squid/squid-manual-blacklist.acl"
acl allow_whitelist dstdomain "/etc/squid/squid-whitelist.acl"
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#__________________________________________________________________________________
# Custom HTTP ACCESS ALLOW DOMAINS Lists
#__________________________________________________________________________________
http_access allow allow_whitelist
#__________________________________________________________________________________
# Custom HTTP ACCESS ALLOW DOMAINS Lists
#__________________________________________________________________________________
http_access deny block_manuallist
#__________________________________________________________________________________
# Custom HTTP ACCESS ALLOW EXPRESSIONS/URLS Lists
#__________________________________________________________________________________
#http_access allow allow_whitelist_expressions
#http_access allow allow_whitelist_urls
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 20% 4320
append_domain .user.global.local
cache_effective_user squid
cache_effective_group squid