Re: [squid-users] squid host mapping problem

ryan haynes wrote:
> using squid 2.6.STABLE18 on ubuntu
>
> i have an old internal webserver at x.y.82.15 that needs to go away.
> the new internal webserver is at x.y.82.11
> i've changed the /etc/hosts file to point to the new address but my
> clients keep getting content from the old webserver from squid.
>
> on the squid server i can ping the hostname ourcompany.web and it
> correctly resolves to x.y.82.11
>
> on the squid server (using itself as a proxy) i can connect to
> http://ourcompany.web and it pulls content from the correct webserver.
> however clients still get the old server. they are xp clients and they
> have no hostname configured and ourcompany.web does not resolve thru
> dns.
>
> i did "sudo grep -r x.y.82.15 /etc/*" just to see if there was some
> other hosts mapping somewhere and it did turn up "/etc/hosts~" with
> x.y.82.15 but i fixed that one, restarted squid and no luck and then
> i restarted the server and still nothing (can anyone tell me what that
> /etc/hosts~ file is???)
>

http://mark.kolich.com/2008/10/howto-configure-vi-to-stop-saving-annoying-tilde-backup-files.html

> i suspected the old site was getting cached out but i dont think im
> even using caching but please correct me if im wrong
>

You are not explicitly NOT caching, so that's the most likely answer.
Tail your access.log and look for x.x.82.15:

tail -f /var/log/squid/access.log | fgrep x.x.82.15.

That will tell you for sure if Squid is sending any requests to the old
server.

> /etc/hosts & etc/squid/squid.conf below .. routable addresses have been masked.
>
> if im overlooking something stupid please feel free to berate me.
>
> thanks for any help!
>
> **************************************
> 127.0.0.1 localhost
> 127.0.1.1 proxy01
> x.y.82.11 ourcompany.web
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
> **************************************
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl Safe_ports port 80 # http
> acl Safe_ports port 443 # https
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl 82.0_network src x.y.82.0/24
> acl 81.0_network src x.y.81.0/24
> acl loopback src 127.0.0.1
> acl 10.193.15_network src 10.193.15.0/24
> acl 10.193.16_network src 10.193.16.0/24
> acl 10.193.17_network src 10.193.17.0/26
> acl blocksites url_regex "/etc/squid/blacklist"
> acl internal_domain dstdomain .ourcompany.web
>
> cache_peer x.y.82.11 parent 80 0 no-query no-digest name=internalA
>
> cache_peer_access internalA allow internal_domain
> cache_peer_access internalA deny all
>
> http_access deny blocksites
> http_access allow loopback
> http_access allow 82.0_network
> http_access allow 81.0_network
> http_access allow 10.193.15_network
> http_access allow 10.193.16_network
> http_access allow 10.193.17_network
> http_access allow manager localhost
> http_access deny manager
>

These two lines should be moved to the top of the http_access list.
Otherwise, they are useless. Manager access is allowed along with
everything else by the other allows.

> http_access allow purge localhost
>

Perhaps you want to move this one up to, but there is no explicit deny
on purge...

> icp_access allow all
>
> http_port 8080
> hierarchy_stoplist cgi-bin ?
>
> access_log /var/log/squid/access.log squid
>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
>
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
>
> visible_hostname proxy01
> hosts_file /etc/hosts
>
> coredump_dir /var/spool/squid
>

Chris
Received on Tue Mar 17 2009 - 20:49:42 MDT