Only if you have other ACL's requiring the lookup, such as a dst ACL.
Review your http_access lines.
Regards
Henrik
On Friday 22 February 2002 02:14, Steve Snyder wrote:
> Does Squid (v2.4S4, on a Linux box) attempt to resolve the
> addresses of blocked URLs?
>
> I've got these lines in my squid.conf:
>
> acl gatorcom dstdomain .gator.com
> http_access deny gatorcom
>
> To judge by access.log, the denial is working:
>
> 1014325396.294 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
> 1014325996.304 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
> 1014326596.325 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
> 1014327196.350 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
> 1014327796.371 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
> 1014328396.386 1 192.168.0.3 TCP_DENIED/403 1052 POST
> http://regserver.gator.com/cmd/client_user_info - NONE/- -
>
> Yet my nameserver logs contain notifications that
> "regserver.gator.com" is misconfigured. Huh? How would it know
> anything about this server unless Squid tried to resolve the URL
> given to it?
>
> If in fact Squid is resolving blocked domains, that's really an
> unneeded use of system resources. Why do we care about the address
> if the HTTP request is going to be denied?
>
> So, is squid attempting to resolve blocked domains, or not?
>
> Thanks.
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Thu Feb 21 2002 - 18:38:39 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:30 MST