Squid reply_header_access configuration

Squid is a web cache that caches web content, and returns it quickly on request. Handling a request through squid is frequently faster than a general-purpose webserver even for simple files (e.g. images), but it really comes into its own for caching pages that are dynamically generated, which can be expensive and slow. It thus allows you to build your pages dynamically but lets you serve a static, cached copy quickly to requesters. There's a lot of configuration possible about how long it caches for, which pages it caches, and how to invalidate a cached result.

For instance, Wikipedia uses caches (squid and others) as a content accelerator, so that every hit on a page doesn't make it be regenerated from the database through a lot of PHP. When pages are changed, the cache entry is invalidated.

Ok so in the end i did it! It was not an easy task and I've been trough literally a nightmare of documentation and some serious amount of caffeine and nicotine :)

Keepalived with VRRP was the ultimate solution; i couldn't achieve full load balancing trough a single IP address so instead I've used 2 Virtual IPs shared trough the 2 boxes. On the juniper side I've created 2 policies for routing and split the ip addresses of web servers in half and for each used one of the VIP as the next hop. Configured squid and iptables to intercept the traffic on both VIP trough the TPROXY directive and everything seems to work fine now.

Will keep this question updated and post the configuration files as others may want to achieve the same, so let's not re-invent the wheel