[squid-users] Services on squid host being blocked -- by name only

From: David Dyer-Bennet <dd-b_at_dd-b.net>
Date: Fri, 17 Jun 2011 16:43:12 -0500

My first squid setup. It's very very simple -- I defined acl
"our_networks" in the default config with the CentOS package to recognize
our networks, and that's about it.

I manually configured my desktop firefox to use the squid proxy I set up
(the proxy is not on my desktop; it's on lnx01, we'll call it (the real
name is longer and hard to type)).

lnx01 also runs Apache, and some local websites (nagios, mrtg, a foswiki,
that kind of thing).

From my desktop, using the proxy, I can access external sites, and I can
access other inside sites -- except for the ones hosted on lnx01, the same
system that squid runs on.

Then I found something even weirder -- if I use the IP address instead of
the DNS name for lnx01, I can get to the sites it hosts through the proxy.
So, http://lnx01/mrtg fails (gets "the requested url could not be
retrieved" and "access denied"; the error page has a squid signature at
the bottom). But http://192.168.1.22/mrtg succeeds. (There's an FQDN for
lnx01 that I'm glossing over; the full and short names behave the same.)

Other internal people, not using the proxy, can access the sites hosted on
lnx01 as before, no problem, no change.

Haven't been able to find discussion of anything like this googling around
or scanning the FAQ. I'm sure it's something I've got wrong in my config,
but I looked pretty carefully to see which ACLs would apply to this
request, and which http_access statements involved those ACLs, and I can't
find anything that would be denying access by name. In fact I don't know
how I'd do it deliberately if I wanted to. But then, I first looked at
the squid docs today (well, I did run it for a while over a decade ago in
a different job, but I don't remember much, and I imagine it's changed
since then).

I've currently got the firewall on lnx01 off, so it's not some interaction
with the firewall.

The access.log file shows the access, and the denial, but nothing that
tells me anything. The squid.out log shows nothing since creating the
swap directories when I first ran it.

Any thoughts?

-- 
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
Received on Fri Jun 17 2011 - 21:43:17 MDT
