This directive allows you to restrict forwarded requests by their domain names. For example, you can make sure that URIs in a certain domain never go to your parent cache. Similarly, you can make sure that requests for only a few specific domain names are sent to a neighbor. The cache_peer_domain directive has been largely superseded by cache_peer_access, which is much more flexible.

Following the neighbor’s hostname, you can specify a list of domain names. These are searched in order, until Squid finds a match. A match means that the request can be sent to the neighbor, unless you prefix the domain name with ! (“not”). For example, means “allow,” while ! means “disallow” If none of the listed domains match the URL, the default action (allow or deny) is the opposite of the last one in the list.

Note, the domain name matching algorithm is somewhat tricky. See the description in Section


cache_peer_domain hostname 
                              domain ...


No default


cache_peer_domain .net .org
cache_peer_domain !


cache_peer, cache_peer_access, neighbor_type_domain

Get Squid: The Definitive Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.