At 03:36 PM 4/20/99 -0400, Snyder, Bob wrote:
[...]
>OK, I'm still having problems. I also upgraded to Squid 2.2.STABLE1. Here's
>the relavent sections of my config file, with names changed to protect the
>less innocent:
>
>cache_peer 10.1.1.11 parent 8080 7 no-query no-digest no-netdb-exchange
>
>acl internal src 10.1.1.0/255.255.255.0
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access allow internal
>http_access deny all
>
>acl example.com dstdom_regex -i [^:]*://[^:/]*example\.com[:/].*
This doesn't seem right to me. dstdom_regex works for the domain and not the
whole URL.
You might want to use:
acl example.com ulr_regex -i [^:]*://[^:/]*example\.com[:/].*
or:
acl example.com dstdom_regex \.example\.com$
>cache_peer_access 10.1.1.11 allow example.com
>cache_peer_access 10.1.1.11 deny all
>never_direct allow example.com
>never_direct deny all
>
>The system is dual-homed, one interface on 10.1.1.124, the other on the
>Internet side. 10.1.1.11 is a internal (non-Squid) proxy that can speak to
>internal example.com. example.com runs a split-DNS, where internal systems
>are not visible to external DNS. Squid is pointed at external DNS.
>
>In access.log, I get:
>
>924636501.872 48 10.1.1.120 TCP_MISS/503 1141 GET
>http://foo.example.com/ - DIRECT/foo.example.com -
>
>And the error page tells me "Host not found."
>
>I've also tried acl example.com dstdomain example.com, and that fails the
>same way. Will a dstdomain match any subordinate domain?
>
>Thoughts?
>
>Bob
>
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
Tel: +31 70 3142454
E-mail: marc.van.selm@nc3a.nato.int
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
Received on Wed Apr 21 1999 - 02:24:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:53 MST