Re: Reverse DNS Lookup for client IPs

Maybe my squid.conf will help to solve this.
I checked this configuration with "squid -k check".

squid.conf (external_ip, /opt/some_program and /etc/squid/file.list must be corrected):

#### AUTHENTICATION ####
external_acl_type ext_name_a %LOGIN /opt/some_program ext_name_a_arg
external_acl_type ext_name_c %LOGIN %SRC /opt/some_program ext_name_c_arg
auth_param digest program /opt/some_program digestauth
auth_param digest realm Hello
auth_param digest children 1 startup=1 idle=1 concurrency=500
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 5000
auth_param digest check_nonce_count off


#### ACL ####
acl localnet src 192.168.0.0/24
acl to_localnet dst 192.168.0.0/24

acl CONNECT_allowexceptions dstdom_regex -i some_domain$
acl CONNECT_Safe_ports port 443
acl CONNECT method CONNECT

acl snmppublic snmp_community public

acl auth_passed proxy_auth REQUIRED
acl ext_name_c_passed external ext_name_c
acl ext_name_a_passed external ext_name_a

# special exceptions
acl special_url url_regex some_regex
http_access deny special_url
deny_info 200:ERR_PAGE_NAME special_url

# special rules
acl some_rule dstdom_regex -i some_regex
acl ext_list dstdom_regex -i "/etc/squid/file.list"


#### ACCESS ####
http_access allow manager localnet
http_access deny manager

http_access allow CONNECT CONNECT_allowexceptions
http_access deny CONNECT !CONNECT_Safe_ports
http_access deny to_localhost
http_access deny to_localnet
http_access deny special_url
http_access deny ext_list

http_access allow localnet
http_access allow localhost

http_access allow some_rule

# activate additional external acls
http_access allow ext_name_a_passed !all

http_access deny !ext_name_c_passed

http_access allow auth_passed

http_access deny all

deny_info 403:ERR_ACCESS_DENIED ext_name_c_passed


#### LOGS ####
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid
strip_query_terms off
error_log_languages off


#### BANDWIDTH LIMITS ####
delay_pools 2
delay_class 1 4
delay_class 2 4

delay_parameters 1 -1/-1 -1/-1 -1/-1 102400/102400
delay_access 1 allow !ext_name_a_passed
delay_parameters 2 -1/-1 -1/-1 -1/-1 2097152/10500000
delay_access 2 allow ext_name_a_passed


#### CACHE ####
refresh_pattern ^ftp:   1440    20%     10080
refresh_pattern .       0       20%     4320


#### ANONYMITY FILTER ####
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

#### VARIOUS ####
ftp_user some_ftp_user

request_header_max_size 128 KB
reply_header_max_size 128 KB

snmp_port 6789
snmp_access allow snmppublic localnet
snmp_access deny all

shutdown_lifetime 2 seconds

dns_v4_first on
client_db off

#### IP PORT CONFIG ####
http_port 192.168.0.1:3456

acl port80 localport 80
acl port443 localport 443

http_port external_ip:80

acl ext_ip localip external_ip

tcp_outgoing_address external_ip ext_ip port80
tcp_outgoing_address external_ip ext_ip port443

cache_mem 250 MB


On 04.02.2016 16:27, Stefan Hölzle wrote:
Thanks for the hint.

I switched client_db off. As expected, I don't get any report for client_list in the cachemanager anymore.

However squid still does PTR lookups.

On 04.02.2016 16:09, Yuri Voinov wrote:
#  TAG: client_db    on|off
#    If you want to disable collecting per-client statistics,
#    turn off client_db here.
#Default:
# client_db on

Feel free to read squid.conf.documented before.

On 04.02.16 21:06, Stefan Hölzle wrote:
> On 04.02.2016 14:22, Amos Jeffries wrote:
>> On 5/02/2016 12:41 a.m., Stefan Hölzle wrote:
>>> Hello,
>>>
>>> I'm using a squid configured as proxy.
>>> According to the cache log, squid is doing a reverse DNS lookup for
>>> client IPs:
>>>
>>> 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42
>>> bytes for SOME_SOURCE_IP
>>>
>>> I'm only using the following configuration parameters that might be
>>> relevant for this issue.
>>> external_acl_type
>>> acl aclname src
>>> acl aclname dst
>>> acl aclname dstdom_regex
>>> acl aclname port
>>> acl aclname proxy_auth
>>> acl aclname external
>>> acl aclname url_regex
>>>
>>> Any ideas why squid is doing PTR lookups anyway?
>> Because that list is incomplete.
>>
>> The format parameters for external_acl_type, any *_extras rules for
>> helper formats, and logformat rules also may make use of the client
>> hostname (if any).
>>
>> Also, anyone viewing the cachemanager clientdb report will trigger some
>> as the report is generated.
>>
>> Amos
>
> Thanks for the quick reply Amos.
>
> * Used formats for external_acl_type are: %LOGIN, %SRC
> * There are no *_extras rules defined (store_id_extras
> <http://www.squid-cache.org/Doc/config/store_id_extras/>, url_rewrite_extras
> <http://www.squid-cache.org/Doc/config/url_rewrite_extras/>)
> * logformat defaults are used (there should be nothing in there
> responsible for a PTR lookup)
>
> I guess it's the cachemanager then.
> There are actually PTR results listed in the client_list of the
> cachemanager.
>
> I tried blocking access to the cachemanager by adding the following rule:
> http_access deny manager
>
> However, squid still does PTR lookups.
> How can I prevent the clientdb reports from being generated?




_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
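Added example (not code from the thread or from the Squid project): a Python helper that counts idnsPTRLookup entries per client address in cache.log debug output of the shape Stefan quoted, and audits a squid.conf for the two settings the thread discusses, the client_db directive and whether `http_access deny manager` is actually reached before an earlier `allow manager` line. The log lines and config fragment are constructed sample input.

```python
import re
from collections import Counter

# Debug line shape from the thread (debug_options 78,3):
#   "78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for SOME_SOURCE_IP"
PTR_RE = re.compile(r"idnsPTRLookup: buf is \d+ bytes for (\S+)")

def count_ptr_lookups(cache_log):
    """Map each client address to the number of PTR lookups logged for it."""
    counts = Counter()
    for line in cache_log.splitlines():
        m = PTR_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)

def audit_squid_conf(conf):
    """Report client_db (default "on" when absent) and cachemanager access.

    manager_allowed lists the extra ACLs of every 'http_access allow manager ...'
    line seen before 'deny manager': those clients can still request the
    client_list report, which triggers PTR lookups as it is generated.
    """
    client_db, manager_denied, manager_allowed = "on", False, []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not words:
            continue
        if words[0] == "client_db" and len(words) > 1:
            client_db = words[1].lower()
        elif words[:2] == ["http_access", "allow"] and "manager" in words[2:] and not manager_denied:
            manager_allowed.append([w for w in words[2:] if w != "manager"])
        elif words[:3] == ["http_access", "deny", "manager"]:
            manager_denied = True
    return {"client_db": client_db, "manager_denied": manager_denied,
            "manager_allowed": manager_allowed}

# Constructed sample input (not real log or config content).
SAMPLE_LOG = """\
2016/02/04 16:20:01.101 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for 192.168.0.23
2016/02/04 16:20:01.205 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for 192.168.0.23
2016/02/04 16:20:02.330 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 41 bytes for 192.168.0.7
2016/02/04 16:20:02.331 kid1| 33,3| unrelated debug line with no PTR lookup
"""
SAMPLE_CONF = """\
http_access allow manager localnet
http_access deny manager
client_db off   # disables per-client statistics
"""
```

Run `count_ptr_lookups` over a cache.log captured with `debug_options 78,3` before and after a config change to confirm whether the lookups actually stopped.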
