Re: [squid-users] Is there any way to configure Squid to use local /etc/hosts in name resolution?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 27 Oct 2011 14:31:05 +1300

 On Wed, 26 Oct 2011 17:28:21 -0700, David Wake wrote:
> Hi there,
>
> I'm using Squid 3.1 as part of a proxy chain. I'm trying to make
> Squid use the local /etc/hosts file for name resolution before
> forwarding the request to the next proxy in the chain, but I've been

 I think not. You are clearly trying to do something (X), and decided
 that DNS lookup (Y) is the way to get there. And ask us only how to do
 Y. If you explain what the original X is we can probably help you reach
 the real solution (Z).

> unable to make it work, even by explicitly using the hosts_file
> directive. I'd be really grateful if anyone could help!

 hosts is a possible source for DNS results. Squid by default uses hosts
 values when it requires DNS lookup. All you can do is tell it where to
 find the hosts file, or point it at an empty file.

 Passing requests to a chained proxy does not naturally require DNS. You
 already have a static configured destination (the peer). So no DNS
 lookup is done.

 The peer/parent proxy may or may not do its own DNS lookups to decide
 where to send the request.

>
> Here's an example:
>
> I'll access a website normally via the proxy, with no weirdness in
> /etc/hosts
>
> > cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> > echo $http_proxy
> http://localhost:3128
> > curl http://yahoo.com
> The document has moved here.<P>
> <!-- w33.fp.sk1.yahoo.com uncompressed/chunked Wed Oct 26 17:12:17
> PDT 2011 -->
>
>
> Now I'll change /etc/hosts to point yahoo.com to google.com. Notice
> that the proxy doesn't respect this: it still goes to yahoo.com
> rather than google.com.
>
> > cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 74.125.224.148 yahoo.com ### IP of google.com
> > echo $http_proxy
> http://localhost:3128
> > curl http://yahoo.com
> The document has moved here.<P>
> <!-- w59.fp.sp2.yahoo.com uncompressed/chunked Wed Oct 26 17:13:06
> PDT 2011 -->
>

 What happens here:
  * "http://www.yahoo.com/" needs to be fetched.
  * curl asks your proxy
  * your proxy passes everything to its parent
  * the parent proxy does something to fetch it.

>
> Now I'll disable the local proxy, and /etc/localhosts is respected.
> > unset http_proxy
> > curl http://yahoo.com
> <HTML><HEAD><meta http-equiv="content-type"
> content="text/html;charset=utf-8">
> <TITLE>302 Moved</TITLE></HEAD><BODY>
> <H1>302 Moved</H1>
> The document has moved
> here.
> </BODY></HTML>
>

 What happens here:
  * "http://www.yahoo.com/" needs to be fetched.
  * curl looks up DNS (finds hosts entry)
  * curl fetches the URL from DNS listed server

>
> Here is my squid.conf:
>
> visible_hostname localhost
> http_port 3128
> acl all src all
> acl all_src src all

 "all" and "all_src" are identical. Just use "all" instead of "all_src".

> acl all_dst dst all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost_dst dst 127.0.0.1/32
> http_access allow manager localhost
> http_access deny manager all_src
> http_access allow localhost
> http_access deny all_src

 So you reject requests which come from any machine with an IP address.

 AKA "http_access deny all". The lines which follow it cannot be
 reached and so can be erased.

> http_access allow all_dst
> http_access deny localhost_dst
> http_reply_access allow all_src
> icp_access deny all_src
> coredump_dir /tmp
> never_direct allow all

 You have configured this Squid *never* to "go direct" to any DNS (ie
 hosts) listed destination.

> no_cache deny all

 NP: Remove the "no_" part of the above line. It makes the directive
 confusing.

> peer_connect_timeout 120 seconds
> strip_query_terms off
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> useragent_log /var/log/squid/useragent.log
> referer_log /var/log/squid/referer.log
> cache_peer XX.XX.XX.XX parent 3128 0 login=XXXXX:XXXXXXXXXXX
> hosts_file /etc/hosts
>

 Amos
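The squid.conf from the post with the points Amos raises applied (the duplicate "all_src" ACL folded into "all", the unreachable http_access lines after the final deny removed, "no_cache" renamed to "cache"). This is an added, reconstructed example, not a config from the thread; the peer address and login stay as the original placeholders.

```conf
visible_hostname localhost
http_port 3128

# One "all" ACL is enough; "all_src" was a duplicate of it.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32

http_access allow manager localhost
http_access deny manager all
http_access allow localhost
# Final default deny. Nothing placed after this line can ever match,
# so the original "allow all_dst" / "deny localhost_dst" lines are dropped.
http_access deny all

http_reply_access allow all
icp_access deny all
coredump_dir /tmp

# Every request goes to the parent peer, so this Squid never resolves the
# destination itself and /etc/hosts entries play no part in forwarding.
never_direct allow all

# "cache deny all", not the confusing "no_cache deny all".
cache deny all

peer_connect_timeout 120 seconds
strip_query_terms off
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
useragent_log /var/log/squid/useragent.log
referer_log /var/log/squid/referer.log

# Placeholder peer address and credentials, exactly as in the original post.
cache_peer XX.XX.XX.XX parent 3128 0 login=XXXXX:XXXXXXXXXXX
hosts_file /etc/hosts
```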
Received on Thu Oct 27 2011 - 01:31:09 MDT