Search squid archive

Re: squid host mapping problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ryan haynes wrote:
using squid 2.6.STABLE18 on ubuntu

i have an old internal webserver at x.y.82.15 that needs to go away.
the new internal webserver is at x.y.82.11
i've changed the /etc/hosts file to point to the new address but my
clients keep getting content from the old webserver from squid.

on the squid server i can ping the hostname ourcompany.web and it
correctly resolves to x.y.82.11

on the squid server (using itself as a proxy) i can connect to
http://ourcompany.web and it pulls content from the correct webserver.
however clients still get the old server. they are xp clients and they
have no hostname configured and ourcompany.web does not resolve thru
dns.

i did "sudo grep -r x.y.82.15 /etc/*" just to see if there was some
other hosts mapping somewhere and it did turn up "/etc/hosts~" with
x.y.82.15 but  i fixed  that one, restarted squid and no luck and then
i restarted the server and still nothing (can anyone tell me what that
/etc/hosts~ file is???)

http://mark.kolich.com/2008/10/howto-configure-vi-to-stop-saving-annoying-tilde-backup-files.html

i suspected the old site was getting cached out but i dont think im
even using caching but please correct me if im wrong

You are not explicitly NOT caching, so that's the most likely answer. Tail your access.log and look for x.x.82.15:

tail -f /var/log/squid/access.log | fgrep x.x.82.15.

That will tell you for sure if Squid is sending any requests to the old server.

/etc/hosts & etc/squid/squid.conf below .. routable addresses have been masked.

if im overlooking something stupid please feel free to berate me.

thanks for any help!

**************************************
127.0.0.1 localhost
127.0.1.1 proxy01
x.y.82.11 ourcompany.web

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
**************************************

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443          # https
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl purge method PURGE
acl CONNECT method CONNECT
acl 82.0_network src x.y.82.0/24
acl 81.0_network src x.y.81.0/24
acl loopback src 127.0.0.1
acl 10.193.15_network src 10.193.15.0/24
acl 10.193.16_network src 10.193.16.0/24
acl 10.193.17_network src 10.193.17.0/26
acl blocksites url_regex "/etc/squid/blacklist"
acl internal_domain dstdomain .ourcompany.web

cache_peer x.y.82.11 parent 80 0 no-query no-digest name=internalA

cache_peer_access internalA allow internal_domain
cache_peer_access internalA deny all

http_access deny blocksites
http_access allow loopback
http_access allow 82.0_network
http_access allow 81.0_network
http_access allow 10.193.15_network
http_access allow 10.193.16_network
http_access allow 10.193.17_network
http_access allow manager localhost
http_access deny manager

These two lines should be moved to the top of the http_access list. Otherwise, they are useless. Manager access is allowed along with everything else by the other allows.

http_access allow purge localhost

Perhaps you want to move this one up to, but there is no explicit deny on purge...

icp_access allow all

http_port 8080
hierarchy_stoplist cgi-bin ?

access_log /var/log/squid/access.log squid

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache


extension_methods REPORT MERGE MKACTIVITY CHECKOUT

visible_hostname proxy01
hosts_file /etc/hosts

coredump_dir /var/spool/squid

Chris


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux