Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus HTTP 1.0

From: Wong <wongbali_at_telkom.net>
Date: Fri, 27 Mar 2009 14:40:35 +0800

Dear all,

I found that Symantec LU has round-robin DNS, and they can change the DNS A
record at any time.

Isn't it better if Squid can bypass the domain name in squid.conf?
Is it possible?

Wong

===snip===

[root@squid root]# nslookup liveupdate.symantec.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
liveupdate.symantec.com canonical name = liveupdate.symantec.d4p.net.
liveupdate.symantec.d4p.net canonical name = symantec.georedirector.akadns.net.
symantec.georedirector.akadns.net canonical name = a568.d.akamai.net.
Name: a568.d.akamai.net
Address: 60.254.140.170
Name: a568.d.akamai.net
Address: 60.254.140.177
Name: a568.d.akamai.net
Address: 60.254.140.179
Name: a568.d.akamai.net
Address: 60.254.140.160
Name: a568.d.akamai.net
Address: 60.254.140.171
Name: a568.d.akamai.net
Address: 60.254.140.161

----- Original Message -----
From: "Marcus Kool" <marcus.kool_at_urlfilterdb.com>
To: "Nathan Eady" <galionlibrary_at_gmail.com>
Cc: <squid-users_at_squid-cache.org>
Sent: Thursday, March 26, 2009 04:09
Subject: Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus
HTTP 1.0

> The story about Squid and HTTP 1.1 is long...
>
> To get your LiveUpdate working ASAP you might want to
> fiddle with the firewall rules and to NOT redirect
> port 80 traffic of Symantec servers to Squid, but
> simply let the traffic pass.
>
> Nathan Eady wrote:
>> Okay, we've got port 80 traffic going transparently to a Squid proxy
>> here, and I need to make a small configuration change, and I can't
>> seem to find, either in the man pages or on the web, the
>> documentation on how to do it. It's probably one little line in
>> squid.conf, but I can't find it.
>>
>> Here's the deal:
>> When I access a site (I tested with Google as well as our own offsite
>> web server) from a computer that is NOT behind the transparent squid
>> proxy, issuing an HTTP/1.1 request, I get the normal expected HTTP/1.1
>> response:
>>
>> nathan@externalbox$ telnet www.galionlibrary.org 80
>> Trying 209.143.16.23...
>> Connected to galionlibrary.org.
>> Escape character is '^]'.
>> GET / HTTP/1.1
>> Host: www.galionlibrary.org
>>
>> HTTP/1.1 200 OK
>> [snip the rest]
>>
>> However, when I do the same thing from a system that IS behind the
>> proxy, I get an HTTP/1.0 response back:
>>
>> nathan@donalbain:~$ telnet www.galionlibrary.org 80
>> Trying 209.143.16.23...
>> Connected to galionlibrary.org.
>> Escape character is '^]'.
>> GET / HTTP/1.1
>> Host: www.galionlibrary.org
>>
>> HTTP/1.0 200 OK
>> [snip the rest]
>>
>> Until recently I never even noticed this, but now Symantec LiveUpdate
>> is failing on all the systems behind the proxy. I posted about that
>> on the Norton Community forum, umm, here:
>> http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=42361
>>
>> The long and short of that thread is that recent updates to LU have
>> caused it to no longer support HTTP 1.0. The LU servers are all HTTP
>> 1.1, and now the client requires this. Our setup is not the only
>> thing breaking as a result (apparently, the built-in "firewalls" on
>> some home routers also have problems with it), but now that I'm aware
>> Squid is doing this, it ought to be easy to make some small change in
>> the configuration and get it to return HTTP 1.1 responses, at least
>> when the server does -- right?
>>
>> But I'm coming up blank on how.
>>
>> One other note: the version of Squid we have, for reasons that aren't
>> worth going into here, is I believe somewhat outdated (-v says
>> 2.5.STABLE13). But HTTP 1.1 is certifiably older than dirt, so I'd be
>> extremely amazed if the Squid that we have doesn't support it...
>> We're going to update it hopefully pretty soon, but getting LiveUpdate
>> working again is significantly more urgent (and, hopefully, easier;
>> updating Squid in our case probably means a fresh OS install...)
>>
>> So where and how do I configure what Squid does with HTTP versions?
>> Where is this documented?
>>
>> TIA,
>>
>> Nathan Eady
>> Technology Coordinator
>> Galion Public Library
>>
>
Received on Fri Mar 27 2009 - 06:41:05 MDT
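
The two points raised in this thread (let traffic to the LiveUpdate servers bypass the redirect, but their A records can change at any time) combine into the following added example, which is not code from any poster or from the Squid project. It assumes the interception is an iptables nat-table REDIRECT in PREROUTING, which the thread does not state; the function names are hypothetical and the sample is an abridged copy of the nslookup output above.

```python
import ipaddress
import re

# Abridged copy of the nslookup output posted in the thread (three of six A records).
SAMPLE = """\
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
liveupdate.symantec.com canonical name = liveupdate.symantec.d4p.net.
liveupdate.symantec.d4p.net canonical name = symantec.georedirector.akadns.net.
symantec.georedirector.akadns.net canonical name = a568.d.akamai.net.
Name: a568.d.akamai.net
Address: 60.254.140.170
Name: a568.d.akamai.net
Address: 60.254.140.177
Name: a568.d.akamai.net
Address: 60.254.140.179
"""

def parse_answer(text, qname):
    """Return (cname_chain, addresses) for qname from nslookup's answer section."""
    answer = text.split("answer:", 1)[-1]  # skip the resolver's own Server/Address lines
    cnames = {}
    for m in re.finditer(r"^(\S+)\s+canonical name = (\S+?)\.?$", answer, re.M):
        cnames[m.group(1).rstrip(".")] = m.group(2)
    chain, seen = [qname], {qname}
    while chain[-1] in cnames and cnames[chain[-1]] not in seen:  # loop-safe walk
        chain.append(cnames[chain[-1]])
        seen.add(chain[-1])
    addrs = []
    for name, addr in re.findall(r"^Name:\s*(\S+)\s*\nAddress:\s*(\S+)$", answer, re.M):
        if name.rstrip(".") == chain[-1]:  # only records for the end of the chain
            addrs.append(str(ipaddress.ip_address(addr)))  # raises on anything not an IP
    return chain, sorted(set(addrs), key=ipaddress.ip_address)

def bypass_rules(addrs, port=80):
    """iptables lines that let these destinations skip a nat-table REDIRECT to Squid."""
    return [f"iptables -t nat -I PREROUTING -p tcp -d {a} --dport {port} -j ACCEPT"
            for a in addrs]

def drift(old, new):
    """Addresses to add and to retire when the A records have changed."""
    return sorted(set(new) - set(old)), sorted(set(old) - set(new))

if __name__ == "__main__":
    chain, addrs = parse_answer(SAMPLE, "liveupdate.symantec.com")
    print(" -> ".join(chain))
    print("\n".join(bypass_rules(addrs)))
```

Because the exemption is keyed on IP addresses, it is only as current as the last lookup; re-running the lookup on a schedule and applying `drift()` keeps retired CDN addresses from staying exempt from the proxy.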

This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 12:00:02 MDT