Paul Bertain wrote:
What I should have said was put an entry in /etc/hosts and then modify /etc/nsswitch.conf on the Squid box so that it sees that same host as valid.

You could. Although by using the internal DNS resolver for just Squid, you only need to add the entry to /etc/hosts. Squid loads the hosts file to prime its internal DNS resolver.

That would be the easiest way to configure it, yes. But it makes the site available to all users of Squid. Not just the one client.

Amos


On Jul 12, 2008, at 10:36 PM, Paul Bertain wrote:

Would it work to put an entry on the Squid machine and to make sure that /etc/nsswitch.conf has "hosts: files dns"?

That way, Squid sees it the same way, which is what it looks like Tuc is trying to do.

Paul

On Jul 12, 2008, at 8:55 PM, Amos Jeffries wrote:

Tuc at T-B-O-H.NET wrote:
Hi,
    Running into a problem, not sure if or how to handle it.
    User running Windows has an entry in their (Windows equiv of /etc/hosts) that says:
    192.168.3.10    SNEAKY.EXAMPLE.COM
    For the rest of the world, SNEAKY.EXAMPLE.COM doesn't exist (NXDOMAIN).
    Without squid in transparent/WCCP2 mode, it appears that the user contacts 192.168.3.10 and does his thing. With squid+transparent+WCCP2, we end up with 503's. Is there even a way to be able to address this, or is the user just going to be out of luck period?

Out of luck. Domain hijacking like this is precisely why Squid doesn't trust the client-given dst IP in transparent mode.

They will have to:

a) connect to that domain using raw IP address in the URL.

b) negotiate with the proxy admin to configure the proxy to selectively do the SNEAKY.EXAMPLE.COM redirect for them.

Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
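
The two points made in this thread (an /etc/hosts entry on the Squid box primes its internal resolver, but then every proxy user can reach the site) can be reconciled with an ACL. This is an added example, not configuration posted by anyone in the thread; the client address 192.168.3.50 and the ACL names are assumed placeholders.

```conf
# /etc/hosts on the Squid box (entry taken from the thread; Squid loads
# this file to prime its internal DNS resolver):
#   192.168.3.10    sneaky.example.com

# squid.conf
hosts_file /etc/hosts

# Destination that only resolves through the hosts entry above.
acl sneaky_site dstdomain sneaky.example.com

# The one client permitted to reach it (assumed placeholder address).
acl sneaky_client src 192.168.3.50

# Place this before the http_access rule that allows the local network:
# http_access rules are evaluated top-down and the first match wins.
http_access deny sneaky_site !sneaky_client
```

Run `squid -k reconfigure` after editing so the new rules are loaded.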