Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus HTTP 1.0 from Wong on 2009-04-02 (squid-users)

From: Wong <wongbali_at_telkom.net>
Date: Fri, 3 Apr 2009 12:59:28 +0800

Thanks Amos, sorry for late reply.

Hmm....... I have to find the IPTABLES "redirection" solution.

Thx & Rgds,

Wong

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: "Wong" <wongbali_at_telkom.net>
Cc: "Marcus Kool" <marcus.kool_at_urlfilterdb.com>; "Squid-users"
<squid-users_at_squid-cache.org>
Sent: Sunday, March 29, 2009 14:08
Subject: Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus
HTTP 1.0

> Wong wrote:
>>> Wong wrote:
>>>>>> I found that Symantec LU has round robin DNS. And they can change DNS
>>>>>> A
>>>>>> record at anytime.
>>>>>>
>>>>>> Isn't it better if Squid can bypass the domain name in squid.conf?
>>>>>> Is it possible?
>>>>>
>>>>> Squid does many DNS things and has many controls for changing how it
>>>>> does them.
>>>>>
>>>>> Correct use of DNS in stateless HTTP should not be causing any issue
>>>>> at all.
>>>>>
>>>>> Is the RR-DNS causing you problems? if so what?
>>>>>
>>>>
>>>> Amos,
>>>>
>>>> I think Symantec LU issue is not related to HTTP/1.1 as Squid support
>>>> such version (need sometime to investigate).
>>>>
>>>> But if the request redirected to Squid, Symatec LU always failed. The
>>>> fastest way is excluding LU request to Squid.
>>>>
>>>> May be it is OT discussion about how-to put FQDN in IPTABLES script. We
>>>> need Squid to cache and monitor HTTP usage but Symantec LU is also need
>>>> to run.
>>>>
>>>> Thx & Rgds,
>>>>
>>>> Wong
>>>>
>>>
>>> Ah okay I think I understand you now.
>>
>> Thanks Amos.
>>
>>> No it's not possible to bypass squid with squid.conf settings. The
>>> problem is that by the time the request gets to Squid its far too late
>>> to not send it to squid.
>>
>> So, it means there is no chance to "pass-through the dst domain" of HTTP
>> Request in Squid itself, am I right?
>
> Yes.
>
>>
>> If yes, the only way is exclude redirection at routing session (before
>> Squid). But it seems IPTABLES unable use FQDN to exclude Symantec LU.
>>
>
> Yes. iptables + WPAD to bias source selection if you can towards one of
> the IPs okayed by iptables.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
> Current Beta Squid 3.1.0.6
>
Received on Fri Apr 03 2009 - 04:59:55 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 03 2009 - 12:00:01 MDT