Re: [squid-users] When worlds collide

From: Paul Bertain <paul_at_bertain.net>
Date: Sat, 12 Jul 2008 22:36:34 -0700

Would it work to put an entry on the Squid machine and to make sure
that /etc/nsswitch.conf has "hosts: files dns"?

That way, Squid sees it the same way, which is what it looks like Tuc
is trying to do.

Paul

On Jul 12, 2008, at 8:55 PM, Amos Jeffries wrote:

> Tuc at T-B-O-H.NET wrote:
>> Hi,
>> Running into a problem, not sure if or how to handle it.
>> User running Windows has an entry in their (Windows
>> equiv of /etc/hosts) that says:
>> 192.168.3.10 SNEAKY.EXAMPLE.COM
>> For the rest of the world, SNEAKY.EXAMPLE.COM doesn't
>> exist (NXDOMAIN).
>> Without squid in transparent/WCCP2 mode, it appears that the user
>> contacts 192.168.3.10 and does his thing. With squid+transparent+WCCP2,
>> we end up with 503's. Is there even a way to be able to address this,
>> or is the user just going to be out of luck period?
>
> Out of luck. Domain hijacking like this is precisely why squid
> doesn't trust the client-given dst IP in transparent mode.
>
> They will have to:
>
> a) connect to that domain using raw IP address in the URL.
>
> b) negotiate with the proxy admin to configure the proxy to
> selectively do the SNEAKY.EXAMPLE.COM redirect for them.
>
> Amos
> --
> Please use Squid 2.7.STABLE3 or 3.0.STABLE7
Received on Sun Jul 13 2008 - 05:36:40 MDT
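
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Squid source code: a simplified model of an intercepting proxy that picks the upstream from its own lookup of the Host header and never from the client's destination IP. It assumes the proxy's resolver consults a hosts file before DNS (the "files dns" order Paul mentions); the function names, the sample hosts text and the DNS table are constructed for illustration.

```python
import ipaddress

# Constructed sample data mirroring the thread (not real records).
HOSTS_WITHOUT_ENTRY = "127.0.0.1 localhost\n"
HOSTS_WITH_ENTRY = (HOSTS_WITHOUT_ENTRY +
                    "192.168.3.10 SNEAKY.EXAMPLE.COM  # admin-approved override\n")
PUBLIC_DNS = {"www.example.org": "203.0.113.7"}  # SNEAKY.EXAMPLE.COM absent: NXDOMAIN


def parse_hosts(text):
    """Parse hosts-file text into {lowercased name: ip}; first entry wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table


def resolve(name, hosts_text, dns):
    """Resolve in 'files dns' order (assumed); None models NXDOMAIN."""
    name = name.lower().rstrip(".")
    return parse_hosts(hosts_text).get(name) or dns.get(name)


def handle_intercepted(host_header, client_dst_ip, hosts_text, dns=PUBLIC_DNS):
    """Return (action, upstream_ip, note) for one intercepted request.

    client_dst_ip is only compared for logging; it never selects the
    upstream, so a poisoned client-side hosts file cannot steer the proxy.
    """
    host = host_header.split(":", 1)[0]  # strip an optional port
    upstream = resolve(host, hosts_text, dns)
    if upstream is None:
        return ("503", None, "proxy cannot resolve Host")
    if upstream == client_dst_ip:
        return ("forward", upstream, "match")
    return ("forward", upstream, "client dst differs from proxy view")
```

The mismatch note in the last branch is the signal worth logging: the client believed the name lived somewhere the proxy's resolver does not agree with.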
