Hi
I used to have some old V1.1.x configuration settings using local_domain and
inside_firewall settings
Now with V2.3STABLE2 (at last we're migrating, and it's been long overdue
!), local_domain and inside_firewall are replaced by rules for never_direct
and always_direct using acls. The problem is that I have two www.otis.com
which is outside the firewall and intranet.otis.com which is inside it i.e.
they both have the same DNS zone. Before, I could just use a set of rules
like
inside_firewall !www.otis.com
local_domain otis.com
and Squid would go to intranet.otis.com directly, but www.otis.com via the
parent proxy (which could go through the firewall). It worked perfectly.
I used to be able to get away with dstdomain acls which were actually the
entire host name e.g. wwww.thissite.com as an easy way to control exactly
one destination host. Now that the leading dot in dstdomain acls is
enforced, it is no longer possible. What are the alternatives, and which one
(if there's more than one) is best ? I realise that dstdom_regex is
available, but is there much of an acl parsing performance hit, when all I
want to match is EXACTLY one host, rather than .*.thiscompany.com ?
I also note that in the default squid.conf, the documentation for
never_direct and always_direct tags still shows the dstdomain acls without
the leading dot. This is wrong, and exists right up to the latest
V2.4DEVEL2 distribution (in cf.data.pre)
PS: The bugs page for V2.3 indicates that some of the problems with
V2.3STABLE2 are fixed in STABLE3, but there's no STABLE3 version to download
- any idea what happened or where I can get the patches ?
Regards
Jason Armistead
OTIS Elevators, Minto Australia
Received on Thu Apr 13 2000 - 18:20:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:56 MST