(I'm not on the list, so CC: replies to me, if there're any)
I had the same problem, and I introduced a new directive
'behind_firewall'. which is only useful when the default is that squid can
reach all hosts directly,i.e. inside_firewall is not set. (If it's set we
don't have any problems since squid doesn't skip the hierarchy in that
case).
For all domains listed behind 'behind_firewall' all objects are always
fetched from a parent. (Default squid behaviour, when there's no
behind_firewall directive, is to fetch certain objects ("Pragma:
no-cache", cgi's,...) directly.
Background is, inside_firewall is used to instruct squid that _we_ are
behind a firewall, behind_firewall is used to tell squid that the _remote
site_ is behind a firewall, as is often the case in large Intranets
(that's our setup, squid is directly connected to the internet, but some
sites on the intranet can only be reached via internal firewalls).
I wrote the patch (see below) because nobody answered a question I asked
here some weeks ago.
I hope it's appropriate to post the entire 2k-patch here? (Too late now
anyway...)
################## patch start #########################
diff -ur squid-1.1.10.orig/src/cache_cf.c squid-1.1.10/src/cache_cf.c
--- squid-1.1.10.orig/src/cache_cf.c Wed Apr 23 21:38:36 1997
+++ squid-1.1.10/src/cache_cf.c Wed May 14 11:58:31 1997
@@ -1322,6 +1322,9 @@
else if (!strcmp(token, "inside_firewall"))
parseWordlist(&Config.inside_firewall_list);
+ else if (!strcmp(token, "behind_firewall"))
+ parseWordlist(&Config.behind_firewall_list);
+
else if (!strcmp(token, "dns_testnames"))
parseWordlist(&Config.dns_testname_list);
@@ -1506,6 +1509,7 @@
wordlistDestroy(&Config.local_domain_list);
wordlistDestroy(&Config.mcast_group_list);
wordlistDestroy(&Config.inside_firewall_list);
+ wordlistDestroy(&Config.behind_firewall_list);
wordlistDestroy(&Config.dns_testname_list);
wordlistDestroy(&Config.cache_stoplist);
ip_acl_destroy(&Config.local_ip_list);
diff -ur squid-1.1.10.orig/src/cache_cf.h squid-1.1.10/src/cache_cf.h
--- squid-1.1.10.orig/src/cache_cf.h Fri Mar 28 21:28:12 1997
+++ squid-1.1.10/src/cache_cf.h Wed May 14 11:56:41 1997
@@ -240,6 +240,7 @@
wordlist *local_domain_list;
wordlist *mcast_group_list;
wordlist *inside_firewall_list;
+ wordlist *behind_firewall_list;
wordlist *dns_testname_list;
relist *cache_stop_relist;
ip_acl *local_ip_list;
diff -ur squid-1.1.10.orig/src/proto.c squid-1.1.10/src/proto.c
--- squid-1.1.10.orig/src/proto.c Thu Apr 24 21:14:03 1997
+++ squid-1.1.10/src/proto.c Wed May 14 12:08:40 1997
@@ -607,9 +607,22 @@
matchInsideFirewall(const char *host)
{
const wordlist *s = Config.inside_firewall_list;
+ const wordlist *t = Config.behind_firewall_list;
const char *key = NULL;
int result = NO_FIREWALL;
struct in_addr addr;
+ if (t) {
+ for (; t; t = t->next) {
+ key = t->key;
+ result = OUTSIDE_FIREWALL;
+ if (*key == '!') {
+ key++;
+ result = INSIDE_FIREWALL;
+ }
+ if (matchDomainName(key, host))
+ return result;
+ }
+ }
if (!s && !Config.firewall_ip_list)
/* no firewall goop, all hosts are "inside" the firewall */
return NO_FIREWALL;
-- ******************************************************************* email: Michael.Hasenstein@informatik.tu-chemnitz.de (MIME welcome) homepage: http://www.tu-chemnitz.de/~mha/ my private pc: benjy.csn.tu-chemnitz.de (Linux!!) or 134.109.96.69 *******************************************************************Received on Mon Jun 02 1997 - 11:34:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:21 MST