Best way to bypass Squid for certain sites

Tags: proxy, squid

We have a Squid transparent proxy running; it's great, awesome dare I say. The problem is that some very random sites seem to hate Squid. Cox.com is one in particular. Right now we just set an iptables rule to forward requests to that IP and not send them to the Squid cache.

It would be awesome to have an ACL of "bad" sites that we can set up in Squid so that if a client asks for one of these sites, it lets them access it directly, avoiding the Squid proxy altogether. Is that possible? Or is iptables the best solution?

Best Answer

If you want to AVOID Squid completely, adding exceptions to the transparent proxy iptables redirect rule is the way.

You can, however, create an acl in Squid for the always_direct directive. From the Squid docs:

acl local-servers dstdomain my.domain.net
always_direct allow local-servers

It doesn't work in all cases; sometimes just avoiding the proxy completely will do.

EDIT: If you use something like shorewall you can create lists that make the exception for the redirect rule easier to manage, but it may be overkill.
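Both approaches from the answer, the iptables exception list and the Squid always_direct ACL, generated from one bypass list, as an added example that is not part of the original answer. It assumes Squid listens on port 3128, clients arrive on eth1, and a dedicated nat chain named SQUID_REDIRECT; the destination values are constructed samples. The functions only emit the commands and config lines so they can be reviewed before applying.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed values: Squid on port 3128,
# LAN interface eth1, a dedicated nat chain SQUID_REDIRECT. Nothing is applied here;
# the output can be reviewed and then piped to sh (iptables) or into squid.conf.
LAN_IF="${LAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-3128}"
CHAIN="SQUID_REDIRECT"

# Destinations that must not go through Squid (constructed sample values).
# iptables matches on IP/CIDR; Squid's dstdomain ACL matches on hostname.
BYPASS_IPS="192.0.2.10
198.51.100.0/24"
BYPASS_DOMAINS=".example.net
static.example.org"

# Emit the nat rules: exceptions (RETURN) first, then the catch-all REDIRECT.
# Order matters: a RETURN leaves the chain before the REDIRECT is reached.
build_redirect_rules() {
    echo "iptables -t nat -N $CHAIN 2>/dev/null || iptables -t nat -F $CHAIN"
    echo "$BYPASS_IPS" | while IFS= read -r dest; do
        [ -n "$dest" ] || continue
        echo "iptables -t nat -A $CHAIN -d $dest -j RETURN"
    done
    echo "iptables -t nat -A $CHAIN -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # Only LAN-originated port 80 traffic enters the chain.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j $CHAIN"
}

# Emit the squid.conf lines for the always_direct variant (proxy still in the path,
# but the cache is skipped and the request goes straight to the origin server).
build_squid_direct_acl() {
    acl_line="acl bypass-sites dstdomain"
    for d in $BYPASS_DOMAINS; do
        acl_line="$acl_line $d"
    done
    echo "$acl_line"
    echo "always_direct allow bypass-sites"
}

# Number of exception rules generated (one per bypass IP/CIDR).
count_bypass_rules() {
    build_redirect_rules | grep -c -- '-j RETURN'
}

build_redirect_rules
build_squid_direct_acl
```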