Re: [squid-users] When worlds collide

From: Paul Bertain <paul_at_bertain.net>
Date: Sat, 12 Jul 2008 23:18:23 -0700

What I should have said was put an entry in /etc/hosts and then
modify /etc/nsswitch.conf on the Squid box so that it sees that same
host as valid.

On Jul 12, 2008, at 10:36 PM, Paul Bertain wrote:

> Would it work to put an entry on the Squid machine and to make sure
> that /etc/nsswitch.conf has "hosts: files dns"?
>
> That way, Squid sees it the same way, which is what it looks like
> Tuc is trying to do.
>
> Paul
>
> On Jul 12, 2008, at 8:55 PM, Amos Jeffries wrote:
>
>> Tuc at T-B-O-H.NET wrote:
>>> Hi,
>>> Running into a problem, not sure if or how to handle it.
>>> User running Windows has an entry in their (Windows
>>> equiv of /etc/hosts) that says:
>>> 192.168.3.10 SNEAKY.EXAMPLE.COM
>>> For the rest of the world, SNEAKY.EXAMPLE.COM doesn't
>>> exist (NXDOMAIN).
>>> Without squid in transparent/WCCP2 mode, it appears that the user
>>> contacts 192.168.3.10 and does his thing. With squid+transparent+WCCP2,
>>> we end up with 503s. Is there even a way to be able to address this,
>>> or is the user just going to be out of luck period?
>>
>> Out of luck. Domain hijacking like this is precisely why squid
>> doesn't trust the client-given dst IP in transparent mode.
>>
>> They will have to:
>>
>> a) connect to that domain using raw IP address in the URL.
>>
>> b) negotiate with the proxy admin to configure the proxy to
>> selectively do the SNEAKY.EXAMPLE.COM redirect for them.
>>
>> Amos
>> --
>> Please use Squid 2.7.STABLE3 or 3.0.STABLE7
>
Received on Sun Jul 13 2008 - 06:18:34 MDT
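
A simplified model of the behaviour discussed in this thread, as an added example that is not part of any poster's message and is not Squid's own code: the intercepting proxy ignores the destination IP the client connected to and resolves the Host name with its own resolver, which gives the 503, the raw-IP workaround (a) and the proxy-side hosts entry (b). The function names and the www.example.org / 203.0.113.7 values are constructed for illustration; IPv4 only.

```python
import ipaddress

# Constructed sample data: the name exists only in one user's hosts file.
PUBLIC_DNS = {}  # SNEAKY.EXAMPLE.COM is NXDOMAIN for the rest of the world
CLIENT_HOSTS = {"sneaky.example.com": "192.168.3.10"}


def resolve(name, hosts_file, dns):
    """Look a name up in 'files' first, then 'dns'; None means NXDOMAIN."""
    key = name.lower().rstrip(".")
    return hosts_file.get(key) or dns.get(key)


def intercept(host_header, client_dst_ip, proxy_hosts, dns=PUBLIC_DNS):
    """Return (status, upstream_ip) for one intercepted HTTP request.

    client_dst_ip is the address the client's packets were sent to. The
    model deliberately never uses it: any client can claim that any name
    lives at any address, so only the proxy's own lookup is trusted.
    """
    host = host_header.split(":")[0]  # drop an optional :port
    try:
        # Option (a): a raw IP address in the URL needs no name lookup.
        return 200, str(ipaddress.ip_address(host))
    except ValueError:
        pass
    upstream = resolve(host, proxy_hosts, dns)
    if upstream is None:
        return 503, None  # the proxy cannot resolve the name
    return 200, upstream


if __name__ == "__main__":
    # The user's situation: only the client knows the name.
    print(intercept("SNEAKY.EXAMPLE.COM", "192.168.3.10", proxy_hosts={}))
    # Option (b): the proxy admin adds the same entry on the proxy host.
    print(intercept("SNEAKY.EXAMPLE.COM", "192.168.3.10", CLIENT_HOSTS))
    # Option (a): the user puts the raw IP address in the URL.
    print(intercept("192.168.3.10", "192.168.3.10", proxy_hosts={}))
    # A client pointing a public name at its own choice of address is
    # still sent to the address the proxy resolved.
    print(intercept("www.example.org", "192.168.3.10", {},
                    dns={"www.example.org": "203.0.113.7"}))
```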
