On 30/11/19 4:49 am, Romanov Vonamor wrote: > Hello. > > I'm trying to configure Squid 4.9 in such a way that it does not perform > a reverse IP lookup of the client at approximately every HTTP request. > The PTR lookup happens immediately after the connection, before the HTTP > request is even parsed. > Any insight would be greatly appreciated. > The PTR should only need to be looked up at all if something needs to use the client FQDN. Usually that is logging. I suspect your build auto-enabled ICAP features which uses the FQDN for icap_log. If you do not need or plan to use ICAP features you can rebuild with --disable-icap which should resolve this. > Romanov > > -------- 8< -------- > Log: > > 2019/11/29 14:02:15.765 kid1| 5,2| TcpAcceptor.cc(224) doAccept: New > connection on FD 8 > 2019/11/29 14:02:15.765 kid1| 5,2| TcpAcceptor.cc(312) acceptNext: > connection on local=0.0.0.0:3130 remote=[::] FD 8 flags=9 > 2019/11/29 14:02:15.770 kid1| 51,3| fd.cc(198) fd_open: fd_open() FD 9 > HTTP Request > 2019/11/29 14:02:15.770 kid1| 33,4| client_side.cc(2520) httpAccept: > local=10.254.236.19:3130 remote=10.229.200.152:56040 FD 9 flags=1: accepted > 2019/11/29 14:02:15.770 kid1| 35,4| fqdncache.cc(420) > fqdncache_nbgethostbyaddr: fqdncache_nbgethostbyaddr: Name '10.229.200.152'. > 2019/11/29 14:02:15.771 kid1| 78,3| dns_internal.cc(1831) idnsPTRLookup: > idnsPTRLookup: buf is 45 bytes for 10.229.200.152, id = 0x5eb3 > > -------- 8< -------- > [root@sls squid-4.9]# squid -v > Squid Cache: Version 4.9 > Service Name: squid > configure options: --enable-ltdl-convenience > > -------- 8< -------- > [root@sls sls]# squid -u0 -f /etc/squid/sites/sls/sls.conf -k parse > 2019/11/29 14:49:21| Startup: Initializing Authentication Schemes ... > 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'basic' > 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'digest' > 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'negotiate' > 2019/11/29 14:49:21| Startup: Initialized Authentication Scheme 'ntlm' > 2019/11/29 14:49:21| Startup: Initialized Authentication. > 2019/11/29 14:49:21| aclIpParseIpData: IPv6 has not been enabled. > 2019/11/29 14:49:21| aclIpParseIpData: IPv6 has not been enabled. > 2019/11/29 14:49:21| Processing Configuration File: > /etc/squid/sites/sls/sls.conf (depth 0) > 2019/11/29 14:49:21| Processing: visible_hostname sls > 2019/11/29 14:49:21| Processing: acl from-all src all That is pretty pointless. "src all" is the definition of the built-in "all" ACL. Might as well use that instead of these 'from-all' and make it more clear that you have no restrictions on what clients can do with your proxy. > 2019/11/29 14:49:21| Processing: http_access deny !safe-ports > 2019/11/29 14:49:21| Processing: http_access deny CONNECT !ssl-ports > 2019/11/29 14:49:21| Processing: http_access allow from-all > 2019/11/29 14:49:21| Processing: cache_log > stdio:/proxy/logs/squid/sls/cache-sls.log > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
