Thanks Amos, sorry for late reply.
Hmm....... I have to find the IPTABLES "redirection" solution.
Thx & Rgds,
Wong
----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "Wong" <wongbali@xxxxxxxxxx>
Cc: "Marcus Kool" <marcus.kool@xxxxxxxxxxxxxxx>; "Squid-users"
<squid-users@xxxxxxxxxxxxxxx>
Sent: Sunday, March 29, 2009 14:08
Subject: Re: Squid, Symantec LiveUpdate, and HTTP 1.1 versus
HTTP 1.0
Wong wrote:
Wong wrote:
I found that Symantec LU has round robin DNS. And they can change DNS
A
record at anytime.
Isn't it better if Squid can bypass the domain name in squid.conf?
Is it possible?
Squid does many DNS things and has many controls for changing how it
does them.
Correct use of DNS in stateless HTTP should not be causing any issue
at all.
Is the RR-DNS causing you problems? if so what?
Amos,
I think Symantec LU issue is not related to HTTP/1.1 as Squid support
such version (need sometime to investigate).
But if the request redirected to Squid, Symatec LU always failed. The
fastest way is excluding LU request to Squid.
May be it is OT discussion about how-to put FQDN in IPTABLES script. We
need Squid to cache and monitor HTTP usage but Symantec LU is also need
to run.
Thx & Rgds,
Wong
Ah okay I think I understand you now.
Thanks Amos.
No it's not possible to bypass squid with squid.conf settings. The
problem is that by the time the request gets to Squid its far too late
to not send it to squid.
So, it means there is no chance to "pass-through the dst domain" of HTTP
Request in Squid itself, am I right?
Yes.
If yes, the only way is exclude redirection at routing session (before
Squid). But it seems IPTABLES unable use FQDN to exclude Symantec LU.
Yes. iptables + WPAD to bias source selection if you can towards one of
the IPs okayed by iptables.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
