On Wed, 26 Oct 2011 17:28:21 -0700, David Wake wrote:
> Hi there,
> I'm using Squid 3.1 as part of a proxy chain. I'm trying to make
> Squid use the local /etc/hosts file for name resolution before
> forwarding the request to the next proxy in the chain, but I've been
I think not. You are clearly trying to do something (X), and decided
that DNS lookup (Y) is the way to get there. And ask us only how to do
Y. If you explain what the original X is we can probably help you reach
the real solution (Z).
> unable to make it work, even by explicitly using the hosts_file
> directive. I'd be really grateful if anyone could help!
hosts is a possible source for DNS results. Squid by default uses hosts
values when it requires DNS lookup. All you can do is tell it where to
find the hosts file, or point it at an empty file.
Passing requests to a chained proxy does not naturally require DNS. You
already have a static configured destination (the peer). So no DNS
lookup is done.
The peer/parent proxy may or may not do its own DNS lookups to decide
where to send the request.
> Here's an example:
> I'll access a website normally via the proxy, with no weirdness in
> /etc/hosts
> > cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> > echo $http_proxy
> http://localhost:3128
> > curl http://yahoo.com
> The document has moved <A HREF="http://www.yahoo.com/">here</A>.<P>
> <!-- w33.fp.sk1.yahoo.com uncompressed/chunked Wed Oct 26 17:12:17
> PDT 2011 -->
> Now I'll change /etc/hosts to point yahoo.com to google.com. Notice
> that the proxy doesn't respect this: it still goes to yahoo.com
> rather than google.com.
> > cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 74.125.224.148 yahoo.com ### IP of google.com
> > echo $http_proxy
> http://localhost:3128
> > curl http://yahoo.com
> The document has moved <A HREF="http://www.yahoo.com/">here</A>.<P>
> <!-- w59.fp.sp2.yahoo.com uncompressed/chunked Wed Oct 26 17:13:06
> PDT 2011 -->
What happens here:
* "http://www.yahoo.com/" needs to be fetched.
* curl asks your proxy
* your proxy passes everything to its parent
* the parent proxy does something to fetch it.
> Now I'll disable the local proxy, and /etc/localhosts is respected.
> > unset http_proxy
> > curl http://yahoo.com
> <HTML><HEAD><meta http-equiv="content-type"
> content="text/html;charset=utf-8">
> <TITLE>302 Moved</TITLE></HEAD><BODY>
> <H1>302 Moved</H1>
> The document has moved
> <A HREF="http://www.google.com/">here</A>.
> </BODY></HTML>
What happens here:
* "http://www.yahoo.com/" needs to be fetched.
* curl looks up DNS (finds hosts entry)
* curl fetches the URL from DNS listed server
> Here is my squid.conf:
> visible_hostname localhost
> http_port 3128
> acl all src all
> acl all_src src all
"all" and "all_src" are identical. Just use "all" instead of "all_src".
> acl all_dst dst all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost_dst dst 127.0.0.1/32
> http_access allow manager localhost
> http_access deny manager all_src
> http_access allow localhost
> http_access deny all_src
So you reject requests which come from any machine with an IP address.
AKA "http_access deny all". The lines which follow it cannot be
reached and so can be erased.
> http_access allow all_dst
> http_access deny localhost_dst
> http_reply_access allow all_src
> icp_access deny all_src
> coredump_dir /tmp
> never_direct allow all
You have configured this Squid *never* to "go direct" to any DNS (ie
hosts) listed destination.
> no_cache deny all
NP: Remove the "no_" part of the above line. It makes the directive
confusing.
> peer_connect_timeout 120 seconds
> strip_query_terms off
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> useragent_log /var/log/squid/useragent.log
> referer_log /var/log/squid/referer.log
> cache_peer XX.XX.XX.XX parent 3128 0 login=XXXXX:XXXXXXXXXXX
> hosts_file /etc/hosts
Amos
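The two configuration points raised in the reply above (a user-defined ACL that is just a rename of the built-in "all", and http_access lines that can never be reached once an earlier line decides every request) can be checked mechanically. The script below is an added example, not part of this thread and not Squid's own code; it assumes Squid's first-match semantics for http_access and treats `acl NAME src all` / `acl NAME dst all` as matching every request. The embedded configuration is a constructed copy of the fragment quoted in the thread, with the placeholders left as posted.

```python
"""
Static lint for a squid.conf fragment: reports http_access rules that can
never be reached because an earlier rule already decides every request,
and ACLs that duplicate the built-in "all".

Added example for the squid-users thread above; not Squid's own code.
Assumes Squid 3.1-style first-match http_access evaluation.
"""

# Constructed sample: the squid.conf fragment quoted in the thread.
SAMPLE_CONF = """\
http_port 3128
acl all src all
acl all_src src all
acl all_dst dst all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost_dst dst 127.0.0.1/32
http_access allow manager localhost
http_access deny manager all_src
http_access allow localhost
http_access deny all_src
http_access allow all_dst
http_access deny localhost_dst
never_direct allow all
"""


def parse_acls(conf):
    """Return {name: (type, values)} for every acl line, merging repeated names."""
    acls = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "acl":
            name, acl_type, values = parts[1], parts[2], parts[3:]
            acls.setdefault(name, (acl_type, []))[1].extend(values)
    return acls


def matches_everything(name, acls):
    """True for ACLs that match every request: the built-in all, or src/dst all."""
    if name == "all":
        return True
    acl_type, values = acls.get(name, (None, []))
    return acl_type in ("src", "dst") and values == ["all"]


def unreachable_http_access(conf):
    """
    Walk http_access lines in order. A line whose every (non-negated) ACL term
    matches everything decides all requests, so every later http_access line
    is dead. Returns a list of (line_no, text) for the dead lines.
    """
    acls = parse_acls(conf)
    unreachable = []
    terminal_seen = False
    for line_no, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        if terminal_seen:
            unreachable.append((line_no, line))
            continue
        terms = parts[2:]
        # A negated term such as !all matches nothing, so it can never be terminal.
        if not any(t.startswith("!") for t in terms) and all(
            matches_everything(t, acls) for t in terms
        ):
            terminal_seen = True
    return unreachable


def duplicate_all_acls(conf):
    """Names of user-defined ACLs that are only a rename of the built-in all."""
    acls = parse_acls(conf)
    return sorted(n for n in acls if n != "all" and matches_everything(n, acls))


if __name__ == "__main__":
    for line_no, text in unreachable_http_access(SAMPLE_CONF):
        print(f"line {line_no}: unreachable after an all-matching rule: {text}")
    for name in duplicate_all_acls(SAMPLE_CONF):
        print(f"acl {name!r} is identical to the built-in 'all'")
```

Run against the sample it reports the two http_access lines after `http_access deny all_src` as unreachable and lists `all_dst` and `all_src` as duplicates of "all"; the same functions can be pointed at a real squid.conf by reading the file into `conf`.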