How to use configure Squid proxy to access both Internet and internal websites.

Jephe Wu -

Environment: company ( LAN ( is connected to Internet through lease line, the proxy server, which is also firewall, running Squid 2.6 for LAN users to access Internet. Another proxy( the LAN, which is also firewall, connected to company headquarter office through lease line for users to access some internal websites.

Objective: Users only use as Internet proxy to access both external and internal websites, for internal websites, the will use as parent proxy to access it.

company external websites: * except for and
company internal websites: *, and

1. configure Squid on as follows:


cache_peer parent 8080 3130 no-query
acl internal  dstdomain
never_direct allow internal 

Now you can only use proxy to access both Internet and all internal websites. 

1.  According to,
One important concept that must be understood is that of parents and siblings. A sibling is a cache that your proxy, when it receives a request for a URL, sends a query to to see if it has a copy of it. The sibling then sends back either ``Yes, I have it'' or ``No, I don't have it''. The proxy then decides if it should retrieve this object from a sibling, or go get it from the source directly. A parent is a proxy that, if none of the siblings have a copy of the object you want, your proxy opens a request to and asks the parent to go get a copy for it, rather than fetching it directly.

2. never_direct directive means it will go through parent proxy for both http and https request for those internal domains. Otherwise, if the http request for internal websites are redirected to https request, will try to fetch those https request directly from itself without going through parent again. If configured 'never_direct', then it will go through parent proxy for https request after redirection as well.

3. no-query is a ICP options to disable ICP queries to this cache.