Hi,
Thats what I've done for this one user I found... The question
becomes how many other users are experiencing it but I don't know about.
(Userbase is the kind that generally doesn't complain. Anything that I've
found/fixed I did because I watch logs/etc)
Thanks, Tuc
>
> What I should have said was put an entry in /etc/hosts and then
> modify /etc/nsswitch.conf on the Squid box so that it sees that same
> host as valid.
>
> On Jul 12, 2008, at 10:36 PM, Paul Bertain wrote:
>
> > Would it work to put an entry on the Squid machine and to make sure
> > that /etc/nsswitch.conf has "hosts: files dns"?
> >
> > That way, Squid sees it the same way, which is what it looks like
> > Tuc is trying to do.
> >
> > Paul
> >
> > On Jul 12, 2008, at 8:55 PM, Amos Jeffries wrote:
> >
> >> Tuc at T-B-O-H.NET wrote:
> >>> Hi,
> >>> Running into a problem, not sure if or how to handle it.
> >>> User running windows has an entry in their (Windows
> >>> equiv of /etc/hosts) that says :
> >>> 192.168.3.10 SNEAKY.EXAMPLE.COM
> >>> For the rest of the world, SNEAKY.EXAMPLE.COM doesn't
> >>> exist (NXDOMAIN).
> >>> Without squid in transparent/WCCP2 mode, it appears that the user
> >>> contacts 192.168.3.10 and does his thing. With squid+
> >>> transparent+WCCP2, we end up with 503's. Is there even a way to
> >>> be able to address this, or is
> >>> the user just going to be out of luck period?
> >>
> >> Out of luck. Domain hijacking like this is precisely why squid
> >> doesn't trust the client-given dst IP in transparent mode.
> >>
> >> They will have to:
> >>
> >> a) connect to that domain using raw IP address in the URL.
> >>
> >> b) negotiate with the proxy admin to configure the proxy to
> >> selectively do the SNEAKY.EXAMPLE.COM redirect for them.
> >>
> >> Amos
> >> --
> >> Please use Squid 2.7.STABLE3 or 3.0.STABLE7
> >
>
Received on Sun Jul 13 2008 - 15:00:47 MDT
This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 12:00:04 MDT