Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus HTTP 1.0

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 29 Mar 2009 19:08:14 +1300

Wong wrote:
>> Wong wrote:
>>>>> I found that Symantec LU has round robin DNS. And they can change
>>>>> DNS A
>>>>> record at anytime.
>>>>>
>>>>> Isn't it better if Squid can bypass the domain name in squid.conf?
>>>>> Is it possible?
>>>>
>>>> Squid does many DNS things and has many controls for changing how it
>>>> does them.
>>>>
>>>> Correct use of DNS in stateless HTTP should not be causing any issue
>>>> at all.
>>>>
>>>> Is the RR-DNS causing you problems? if so what?
>>>>
>>>
>>> Amos,
>>>
>>> I think Symantec LU issue is not related to HTTP/1.1 as Squid support
>>> such version (need sometime to investigate).
>>>
>>> But if the request redirected to Squid, Symatec LU always failed. The
>>> fastest way is excluding LU request to Squid.
>>>
>>> May be it is OT discussion about how-to put FQDN in IPTABLES script.
>>> We need Squid to cache and monitor HTTP usage but Symantec LU is also
>>> need to run.
>>>
>>> Thx & Rgds,
>>>
>>> Wong
>>>
>>
>> Ah okay I think I understand you now.
>
> Thanks Amos.
>
>> No it's not possible to bypass squid with squid.conf settings. The
>> problem is that by the time the request gets to Squid its far too late
>> to not send it to squid.
>
> So, it means there is no chance to "pass-through the dst domain" of HTTP
> Request in Squid itself, am I right?

Yes.

>
> If yes, the only way is exclude redirection at routing session (before
> Squid). But it seems IPTABLES unable use FQDN to exclude Symantec LU.
>

Yes. iptables + WPAD to bias source selection if you can towards one of
the IPs okayed by iptables.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Sun Mar 29 2009 - 06:08:17 MDT

This archive was generated by hypermail 2.2.0 : Sun Mar 29 2009 - 12:00:02 MDT