On Thursday 05 June 2003 08.32, Denis Tatarskikh wrote:
> Please, hint, how should I address the problem and get dst based
> tcp_outgoing_address determination work properly, as I expect it?
The problem with using dst acls in tcp_outgoing_address is that it
cannot wait for the DNS lookup to complete. If you can then it is
better to use dstdomain.
Alternatively you can improve the situation somewhat by making sure
the dst acl is used in http_access
acl do_dns_lookup dst 0.0.0.0/32
http_access deny do_dns_lookup
But even with this there may be a few false negatives in
tcp_outgoing_address if the ttl of the address expires inbetween when
http_access and tcp_outgoing_address is processed by Squid.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Thu Jun 05 2003 - 01:20:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:16 MST