Solved: wccp bypass

Justin Zullinger · ‎06-30-2011

Hello,

Currenty using WCCP with squid for content filtering. One of our sites we connect to needs to see the connection coming from our public IP address, not the proxy server IP. I've created a acl in squid for direct lookup, but the website gets angry with the X-Forwarder-Header squid attaches to each packet. Is there a way in a cisco ASA 5505 to bypass wccp for a specific public ip address or url?

Thanks in advance.

ahskhan · ‎06-30-2011

No, redirect ACL is extended, so it can be both ways, see below my LAB

access-list 120; 2 elements

access-list 120 line 1 extended deny ip any host 72.163.4.161 log informational interval 300 (hitcnt=45) 0x0a8fd0a5

access-list 120 line 2 extended permit ip any any (hitcnt=0) 0x6f1c3702

Hope this solve your issue.

Ahsan

View solution in original post

ahskhan · ‎06-30-2011

Hi,

You can use redirect-acl to define whcih traffic should / should not be redirected to WCCP Client. See below syntax

wccp web-cache redirect-list ACL_Name

Ahsan

Justin Zullinger · ‎06-30-2011

Wouldn't that just be for internal traffic, ie machines on the lan to bypass WCCP all together? I still want all the machines on the lan using WCCP, but just want one website to not use wccp.

ahskhan · ‎06-30-2011

No, redirect ACL is extended, so it can be both ways, see below my LAB

access-list 120; 2 elements

access-list 120 line 1 extended deny ip any host 72.163.4.161 log informational interval 300 (hitcnt=45) 0x0a8fd0a5

access-list 120 line 2 extended permit ip any any (hitcnt=0) 0x6f1c3702

Hope this solve your issue.

Ahsan

Justin Zullinger · ‎06-30-2011

That did the trick!

Thanks!