Re: squid on debian (dst and dstdomain) from Amos Jeffries on 2014-08-06 (squid-dev)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 07 Aug 2014 02:42:57 +1200

On 7/08/2014 2:30 a.m., Fred Maranhão wrote:
> 2014-08-06 10:36 GMT-03:00 Kinkie wrote:
>> On Wed, Aug 6, 2014 at 2:10 PM, Fred Maranhão wrote:
>>> Hi,
>>>
>>> I just updated my squid in an debian stable box and after the update
>>> everything works fine. but I restart my squid and it not started.
>>>
>>> I detected a (very old) line in /etc/squid3/squid.conf with an error,
>>> but propably an warning till the last version and now an error.
>>>
>>> that was the old line:
>>>
>>> acl site_exemplo dst exemplo.com
>>>
>>> and even wrong, the squid worked normally.
>>>
>>> now I changed this to
>>>
>>> acl site_exemplo dstdomain exemplo.com
>>>
>>> and everything is ok. is this a bug?
>>
>> You slightly changed the semantics of your configuration.
>>
>> acl site_exemplo dst exemplo.com
>>
>> This is is a per-destination-ip-address ACL: it would resolve
>> exemplo.com to its ip address, and then anything matching that
>> destination ip address would be a positive for that ACL, even if it
>> was www.exemplo.com or www.microsoft.com.
>>
>> acl site_exemplo dstdomain exemplo.com
>>
>> This is a per-destination-host-name ACL: it maches URLS which contain
>> _exactly_ "exemplo.com" as hostname part, for instance
>> http://exemplo.com/, http://exemplo.com/index.html and so on.
>> It will _not_ match www.exemplo.com, exemplo.com's IP address or
>> www.microsoft.com even if it is on the same IP address.
>>
>> Only you can know what you want to achieve; please refer to the
>> documentation of the "acl" directive for further details and
>> variations.
>
> but this is not the importante issue. the important issue is that, in
> my instalation, squid doesn't start with the dst syntax. is there
> anyone using (updated) debian stable in here? the problem is just with
> me?
>

I am using the latest pre-release while Luigi sorts out packaging
upgrades. There are also several thousand others like yourself using the
released .deb package.

I dont think its the package particularly. However dst ACL requires
working DNS at startup in order to do that resolving Kinkie mentioned.
Check that Squid is able to resolve that domain, the OS gethostbyname()
is used.

Amos
Received on Wed Aug 06 2014 - 14:43:09 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 08 2014 - 12:00:12 MDT