Hi, Thats what I've done for this one user I found... The question becomes how many other users are experiencing it but I don't know about. (Userbase is the kind that generally doesn't complain. Anything that I've found/fixed I did because I watch logs/etc) Thanks, Tuc > > What I should have said was put an entry in /etc/hosts and then > modify /etc/nsswitch.conf on the Squid box so that it sees that same > host as valid. > > On Jul 12, 2008, at 10:36 PM, Paul Bertain wrote: > > > Would it work to put an entry on the Squid machine and to make sure > > that /etc/nsswitch.conf has "hosts: files dns"? > > > > That way, Squid sees it the same way, which is what it looks like > > Tuc is trying to do. > > > > Paul > > > > On Jul 12, 2008, at 8:55 PM, Amos Jeffries wrote: > > > >> Tuc at T-B-O-H.NET wrote: > >>> Hi, > >>> Running into a problem, not sure if or how to handle it. > >>> User running windows has an entry in their (Windows > >>> equiv of /etc/hosts) that says : > >>> 192.168.3.10 SNEAKY.EXAMPLE.COM > >>> For the rest of the world, SNEAKY.EXAMPLE.COM doesn't > >>> exist (NXDOMAIN). > >>> Without squid in transparent/WCCP2 mode, it appears that the user > >>> contacts 192.168.3.10 and does his thing. With squid+ > >>> transparent+WCCP2, we end up with 503's. Is there even a way to > >>> be able to address this, or is > >>> the user just going to be out of luck period? > >> > >> Out of luck. Domain hijacking like this is precisely why squid > >> doesn't trust the client-given dst IP in transparent mode. > >> > >> They will have to: > >> > >> a) connect to that domain using raw IP address in the URL. > >> > >> b) negotiate with the proxy admin to configure the proxy to > >> selectively do the SNEAKY.EXAMPLE.COM redirect for them. > >> > >> Amos > >> -- > >> Please use Squid 2.7.STABLE3 or 3.0.STABLE7 > > >
