Re: [squid-users] Squid Redirect With Hosts File And Parent Proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 19 Aug 2009 22:45:23 +1200

Aegis1888 wrote:
> Hi Guys,
>
> So I've got pretty far with configuring my installation of squid. I'm
> extremely pleased with the progress so far, but one thing is holding me
> back. The problem is that I want to direct requests for a particular domain
> through to a web server that I have configured internally. I thought I could
> simply change an entry in the /etc/hosts file on the server squid is running
> on, for example;
>
> 198.xxx.xxx.xxx www.hotmail.com
>
> Every request that a browser makes for www.hotmail.com will be resolved by
> squid to the ip address 198.xxx.xxx.xxx. However this didn't work. Basically
> when I make this change, and make a request for www.hotmail.com, the browser
> hangs. But when when i remove this entry from the hosts file the browser is
> able to get to hotmail successfully. That tells me that squid is reading the
> hosts file, but there is possibly some error in the name resolution.
>
> NOTE: I understand that you have to restart squid for it to see the changes
> in the hosts file, as specified in;
>
> http://www.squid-cache.org/Versions/v2/2.6/cfgman/hosts_file.html
>
> Before I go on, I should mention that I am running squid 2.6 on ubuntu
> jaunty jackolope. There is a webserver running on the same machine that I've
> tried it with and another internal webserver running on a different machine.
> In addition I've chained this proxy to a parent proxy that requires
> authentication.
>
> Now I am not a network guy, this isn't (usually) my job, its just happened
> to have landed on my lap and there's nobody else that can do it (i'm not
> bitter). So my understanding of how proxy servers resolve hostnames is
> sketchy at best.
>
> IIUC when squid gets a request for a host name it will try to resolve it
> against a DNS server. The /etc/hosts file acts as a local DNS server/lookup
> for squid. If squid finds an entry for the host name in this hosts file than
> it will resolve to this IP address.
>
> However what I'm not sure about is whether the parent proxy will use this ip
> address or do its own DNS lookup. I mean does squid send the hostname or the
> IP address to the parent? Because this could be a potential problem.
>
> If its the case is the child proxy has a problem with the lookup, how would
> I be able to tell?
>
> Also, is this the correct way of assigning a different IP address to a
> hostname? Will the hosts file solution suffice? Am I overlooking something?
> Do I need a full blown DNS server?
>
> Any help would be greatly appreciated.
>
> Cheers
>

You can forget hosts for this. DNS is not involved.

Since you are passing everything through a parent proxy. You face the
choice of configuring the parent proxy itself to pass off to the web
server. Via a normal DNS and web request, or via its own cache_peer link.

Or whether to bypass the 'internal' domain requests and pass them
straight to the web server from your Squid without touching the parent
proxy.

The correct way to do that is to add a cache_peer entry for the web
server you are passing things to. Squid is mixing a bit of reverse-proxy
mode with it's normal operations. So the cache_peer + cache_peer_access
parts of this tutorial apply (but not the http_port part and maybe not
http_access parts):
   http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Wed Aug 19 2009 - 10:45:37 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 19 2009 - 12:00:04 MDT