Re: [squid-users] Squid2.4 & /etc/hosts from Henrik Nordstrom on 2003-02-05 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 05 Feb 2003 08:05:10 +0100

What do you get in Squid access.log on a request for
http://webmail.company.com/?

Are you using any redirectors?

Regard
Henrik

Jay Turner wrote:
>
> Hi Robert,
>
> Thanks for your reply. Checking the log file the CONNECT method is provided
> to squid with the hostname webmail.company.com however the IP address that
> is shown is the world address rather than the address specified in the
> /etc/hosts file.
>
> ie
> /etc/hosts entry: 10.14.12.122 webmail.company.com
> Browser Request: https://webmail.company.com
> Log Shows: 10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 -
> DIRECT/203.123.xxx.xxx -
>
> So you are saying this should work and is probably a bug?
>
> -----Original Message-----
> From: Robert Collins [mailto:robertc@squid-cache.org]
> Sent: Wednesday, 5 February 2003 9:14 AM
> To: jturner@bsis.com.au
> Cc: Henrik Nordstrom; squid-users@squid-cache.org
> Subject: RE: [squid-users] Squid2.4 & /etc/hosts
>
> On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
> > But it is maintained by Red Hat who backport any security patches to the
> 2.4
> > version they ship with 7.3.
> >
> > If you could please re-read my post you will note that I have recompiled
> > with --disable-internal-dns and it successfully references /etc/hosts for
> > http:// pages. My question relates to https:// pages and having squid do a
> > local lookup from somewhere for the IP address rather than fetching it
> from
> > the DNS (as it does with /etc/hosts for http:// requests).
>
> Which you probably can't do.
> If the CONNECT verb is provided to squid with an ip address rather than
> a hostname, no proxy can do what you are asking.
> If a hostname is provided, then the same host->ip lookup path is
> followed as for http:// requests.
>
> Check access.log. If you see CONNECT ipaddress:443 then you need to look
> at using a redirectory to alter the requested IP address.
> If you see CONNECT hostname:443, then please log a bug in bugzilla.
>
> Rob
> --
> GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
Received on Wed Feb 05 2003 - 00:05:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:14 MST