Re: ACLs - a seriously weird thing

From: <rstagg@dont-contact.us>
Date: Thu, 18 Feb 1999 09:26:35 +0000

Hi Chris,

It's a nice theory - I shall certainly add the netmask and check it out.

Two things though: firstly, I tried a _lot_ of sites, and so did my
colleagues. I can't believe that all of the .uk sites that failed were
blocked because of this problem - more than 100, chosen at random... it
stretches belief.

Secondly, CSC (my employers) own the 20.x.x.x address range, so it'll
always be internal for me.

However, I'll give it a look.

Rgds

Richard Stagg

chris@nmedia.net on 17/02/99 20:42:57

To: Richard Stagg/TMU/CSC
cc: squid-users@ircache.net
Subject: Re: ACLs - a seriously weird thing

I'm gonna take a stab in the dark here...
Perhaps Squid is interpreting the ACL for 20.20.20.20 as a full class A
because you didn't specify a netmask... and the .uk sites you are visiting
happen to fall in the same "class a" space....????
Try 20.20.20.20/32 in your acl and see if the behaviour continues?

On Wed, 17 Feb 1999 rstagg@csc.com wrote:
 | Greetings,
 |
 | I've just seen something worryingly weird on one of my caches. It's a
 | Squid2.1PATCH2 install on a Solaris 2.6 Enterprise 450.
 |
 | Yesterday I had a call from a colleague; he was trying to access a server
 | (call it 20.20.20.20) which is internal to our company. Squid thought it
 | was external, but this was not a problem. I added:
 |
 | acl int_ip_host dst 20.20.20.20
 | always_direct allow int_ip_host
 |
 | This fixed the problem. Then the performance started to suffer. The cache
 | became intermittent, and it took me _ages_ to figure out what was going on.
 |
 | You'll love this: If I browsed sites ending in .com, .net, .se, .org... etc
 | etc, in fact most sites, they were fine. If I browsed a site ending in .uk,
 | the cache sat and thought about it for a full minute before giving me a
 | couple of objects and then going back into catatonia. I removed the above
 | two lines from squid.conf, and the problem vanished. I tested and retested
 | this, on the grounds that it's clearly nonsense, but the fact is apparent
 | that the lines above break the cache, _only_ on *.uk sites.
 |
 | I'm totally confused by this. Is this a bug? Have I mucked up? Does anyone
 | have any ideas?
 |
 | Regards
 |
 | Richard Stagg
 |
 |
 |

--
Preinstalled OpenBSD systems
http://www.nmedia.net/bsd/
Received on Thu Feb 18 1999 - 05:05:56 MST
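
A way to check the theory in this thread offline, as an added example that is not part of the original messages and is not Squid's code: it lists which destination addresses a maskless `dst` entry would match when read as a single host versus as its classful network. Whether Squid 2.1 applies the classful reading is the thread's hypothesis, not something the script establishes; the config text and the destination addresses are constructed.

```python
import ipaddress

# Constructed squid.conf fragment: the first acl is the one from the thread,
# the second is the /32 form suggested in the reply.
SAMPLE_CONF = """\
acl int_ip_host dst 20.20.20.20
acl int_ip_host32 dst 20.20.20.20/32
always_direct allow int_ip_host
"""

def classful_prefix(addr):
    """Prefix length implied by the pre-CIDR address class of an IPv4 address."""
    first = int(str(addr).split(".")[0])
    if first < 128:
        return 8    # class A
    if first < 192:
        return 16   # class B
    if first < 224:
        return 24   # class C
    return 32       # class D/E: treated here as a single host

def parse_dst_acls(conf):
    """Yield (name, entry, has_mask) for every value on an 'acl NAME dst' line."""
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "dst":
            for entry in fields[3:]:
                yield fields[1], entry, "/" in entry

def candidate_networks(entry, has_mask):
    """Networks the entry could cover: explicit mask, or host vs classful guess."""
    if has_mask:
        return {"explicit": ipaddress.ip_network(entry, strict=False)}
    classful = ipaddress.ip_network(f"{entry}/{classful_prefix(entry)}", strict=False)
    return {"host": ipaddress.ip_network(f"{entry}/32"), "classful": classful}

def audit(conf, destinations):
    """Map (acl name, reading) -> destinations that reading would match."""
    result = {}
    for name, entry, has_mask in parse_dst_acls(conf):
        for reading, net in candidate_networks(entry, has_mask).items():
            result[(name, reading)] = [d for d in destinations
                                       if ipaddress.ip_address(d) in net]
    return result

if __name__ == "__main__":
    # Constructed destinations: two inside 20.0.0.0/8, one documentation address.
    for key, hits in audit(SAMPLE_CONF, ["20.20.20.20", "20.99.1.5", "192.0.2.10"]).items():
        print(key, hits)
```

Feeding it the resolved addresses of the sites that stalled shows whether any of them fall inside the classful network at all, which is the question raised in the reply.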