On Fri, 10 Dec 1999, Clifton Royston wrote:
> > > acl local-servers dst xxx.yyy.zzz.aaa/255.255.255.0
>
> There's a "gotcha" on this. If Squid starts getting busy, since it
> gets DNS lookups by name, it will not have time to complete them, and
> therefore if it gets requests for a virtual server you run locally
> it'll fetch them and cache them before realizing they're local.
Good point. It might be best to catch these requests before they even get
to Squid - if you're running transparent proxying you can add in rules to
let your local net avoid the redirection, or if you are using proxy
auto-configuration your proxy.pac function could check to see whether each
request is local or not:
function FindProxyForURL(url, host) {
if (isPlainHostName(host) ||
dnsDomainIs(host, ".satlink.com.au") ||
dnsDomainIs(host, ".local1.net.au") ||
dnsDomainIs(host, ".local2.com.au") ||
dnsDomainIs(host, ".local3.org.au")) {
return "DIRECT";
}
else if (url.substring(0, 5) == "http:" ||
url.substring(0, 4) == "ftp:" ||
url.substring(0, 6) == "https:" ) {
return "PROXY proxy.satlink.com.au:3128; DIRECT";
}
else {
return "DIRECT";
}
}
This might a feasible solution.
The problem of managing all these entries, whether they are in squid.conf
or somewhere else, can be solved by having a tiny script that builds your
squid.conf from several pieces:
#!/bin/sh
cat squid.conf.top hosted_domain_acls squid.conf.bottom > squid.conf
Then you have a file that contains only your hosted domains, and a simple
command to reconstruct your squid.conf whenever it changes.
Sorry for the length of this post - hope it helps someone.
-- Kendall Lister, Systems Operator for Charon I.S. - kendall@charon.net.au Charon Information Services - Friendly, Cheap Melbourne ISP: 9589 7781Received on Fri Dec 10 1999 - 16:27:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:50 MST