
Re: using squid with dnsmasq and hosts file


* Amos Jeffries wrote :
> Troy Piggins wrote:
>> Not sure if this is a squid or dnsmasq problem, so hope you don't
>> mind me asking same question in 2 lists.
>>
>> I'm using squid3 as a transparent proxy by redirecting port 80
>> in iptables, and dnsmasq as well.  This all works fine.  But now
>> I'm trying to utilise the mvps hosts file to block malicious
>> URLs and am having trouble getting squid to recognise this hosts
>> file.
<snip />
>> But from a browser if I try to view a website listed in the mvps
>> hosts file, I don't get the blocked site message page, I get the
>> real (malicious) one.
>>
>> IIUC squid should be reading /etc/resolv.conf for DNS?  Mine is
>>
>>   nameserver 127.0.0.1
>>   search isp.invalid
>>
>> And so if it's using localhost and DNS, that's dnsmasq and the
>> mvps hosts file should come into play.
>>
>> What am I missing?
>
> Squid only loads the /etc/resolv.conf and /etc/hosts files. No other  
> special ones.

Understood, but I was assuming that since my /etc/resolv.conf
points to localhost as a nameserver and that nameserver uses the
mvps hosts file those entries would be used.  Hmm...

>> As an alternative, I've seen reference to using mvps entries
>> somehow in squid.conf acls or rules, but haven't found a good
>> explanation of /how/ to do this or examples.  Any pointers there
>> if that's the better way to go?
>
> From the Squid point of view...
>
> Probably a custom external ACL processor. If the mvps format is simple  
> it should be relatively easy to construct.

The mvps hosts file looks exactly like /etc/hosts file format.

> The simplest way though, is to use a plain dstdomain ACL, possibly with  
> the entries in a file for easy management.
>
> You then use the custom ACL helper, http_access, and deny_info URL to  
> provide the custom denial webpage for visitors.
>
> http://www.squid-cache.org/Versions/v3/3.0/cfgman/external_acl_type.html
> http://www.squid-cache.org/Versions/v3/3.0/cfgman/http_access.html
> http://www.squid-cache.org/Versions/v3/3.0/cfgman/deny_info.html

Thank you for those links.  I'll look into it.

-- 
Troy Piggins
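
The dstdomain-file approach suggested in the thread, as an added example that is not part of the original messages: a converter from hosts-file format (which the thread says the mvps file uses) to a one-name-per-line list for a Squid `dstdomain` ACL. The sample input is constructed, and the ACL name, file path and block-page URL in the comments are assumptions.

```python
import re

# Constructed sample in hosts-file format; not real mvps data.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
::1  localhost #[IPv6]
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # inline comment
0.0.0.0 ads.example.com
127.0.0.1 bad!host.example.org
0.0.0.0 cdn.example.org www.example.org
"""

# Names that belong to the local machine and must never be blocked.
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def valid_hostname(name):
    """Accept only well-formed multi-label names, so a malformed line in a
    third-party list cannot end up in the proxy's ACL file."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) > 1 and all(LABEL.match(l) for l in labels)


def hosts_to_dstdomain(text):
    """Return unique, lower-cased hostnames in first-seen order."""
    seen, out = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:                  # fields[0] is the IP address
            name = name.lower().rstrip(".")
            if name in SKIP or name in seen or not valid_hostname(name):
                continue
            seen.add(name)
            out.append(name)
    return out


# squid.conf side (ACL name, path and URL are assumptions), placed before
# any http_access allow rule because http_access is first-match:
#   acl mvps_blocked dstdomain "/etc/squid3/mvps.domains"
#   deny_info http://blockpage.example/ mvps_blocked
#   http_access deny mvps_blocked

if __name__ == "__main__":
    print("\n".join(hosts_to_dstdomain(SAMPLE_HOSTS)))
```

Entries are written without a leading dot, so each one matches only that exact hostname, the same scope a hosts-file entry has.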
