RE: [squid-users] Downloads not going through parent proxy, going DIRECT

From: Geoff Varney <geoff.varney@dont-contact.us>
Date: Mon, 27 Nov 2006 13:58:38 -0800

Thanks Matus, that did it! You guys on this list sure are a great
resource and so often have simple solutions to problems such as this
one.

As the default setting had this setting in it, should I expect any other
issues now that I have disabled it? I'm wondering if there is any
reason why I'd need to do this, or if going through DansGuardian and
then to the next Squid server (which is again at the default setting for
"hierarchy_stoplist cgi-bin ?") should hopefully be the same thing as
having this enabled without a parent? If DG doesn't mess with anything
other than denying based on the content, etc., this should be OK then?
I guess we'll see how it goes.

Thanks,
Geoff

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk]
Sent: Monday, November 27, 2006 1:06 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Downloads not going through parent proxy,
going DIRECT

On 27.11.06 12:29, Geoff Varney wrote:
> I have been using Squid 2.6 with DansGuardian 2.9 for a while now and
> it's been working well, blocking downloads of various file types, etc.
> However, I'm just seeing today (not sure how long this has been going
> on!) that *some* sites are allowing exes to come through. What I'm
> seeing in the Squid access.log is like this (I tested from
download.com
> with a normal account not allowed to download)
>
> TCP_MISS/200 185021 GET
>
http://software-files.download.com/sd/g33i94D6JAAXtGO-PPSk_XhSmDf4MVuRC4
>
CEP8QJjHfCg4aBx59AvP9DditCgw90rjIIHWsyB3P5NLlDhNcQeboRWRI19e-Z/software/
>
10607469/10279647/3/Scorched3D-40.1d.exe?lop=link&ptype=3000&ontid=7486&
> siteId=4&edId=3&pid=10607469&psid=10279647 test DIRECT/216.239.112.15
> application/octet-stream
>
> Is there something in the way this URL is written that sends this
> request out DIRECT instead of through the parent (DG) proxy?

you probably have uncommented the following line (as it is in default
squid.conf):
hierarchy_stoplist cgi-bin ?

which causes all requests containing "?" (as the one above) to go
direct.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
Received on Mon Nov 27 2006 - 15:00:07 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST