[squid-users] Reverse DNS Lookup for client IPs

Stefan Hölzle stefan at hoelzle.work
Thu Feb 11 14:31:48 UTC 2016


Maybe my squid.conf will help to solve this.
I checked this configuration with "squid -k check".

squid.conf (external_ip, /opt/some_program and /etc/squid/file.list must
be corrected):

#### AUTHENTICATION ####
external_acl_type ext_name_a %LOGIN /opt/some_program ext_name_a_arg
external_acl_type ext_name_c %LOGIN %SRC /opt/some_program ext_name_c_arg
auth_param digest program /opt/some_program digestauth
auth_param digest realm Hello
auth_param digest children 1 startup=1 idle=1 concurrency=500
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 5000
auth_param digest check_nonce_count off


#### ACL ####
acl localnet src 192.168.0.0/24
acl to_localnet dst 192.168.0.0/24

acl CONNECT_allowexceptions dstdom_regex -i some_domain$
acl CONNECT_Safe_ports port 443
acl CONNECT method CONNECT

acl snmppublic snmp_community public

acl auth_passed proxy_auth REQUIRED
acl ext_name_c_passed external ext_name_c
acl ext_name_a_passed external ext_name_a

# special exceptions
acl special_url url_regex some_regex
http_access deny special_url
deny_info 200:ERR_PAGE_NAME special_url

# special rules
acl some_rule dstdom_regex -i some_regex
acl ext_list dstdom_regex -i "/etc/squid/file.list"


#### ACCESS ####
http_access allow manager localnet
http_access deny manager

http_access allow CONNECT CONNECT_allowexceptions
http_access deny CONNECT !CONNECT_Safe_ports
http_access deny to_localhost
http_access deny to_localnet
http_access deny special_url
http_access deny ext_list

http_access allow localnet
http_access allow localhost

http_access allow some_rule

# activate additional external acls: `!all` never matches, so this line allows
# nothing; it only makes http_access evaluate ext_name_a (and cache the result)
# so that the delay_access rules below can use it, delay_access being a fast
# check that cannot wait for an external helper
http_access allow ext_name_a_passed !all

http_access deny !ext_name_c_passed

http_access allow auth_passed

http_access deny all

deny_info 403:ERR_ACCESS_DENIED ext_name_c_passed


#### LOGS ####
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid
strip_query_terms off
error_log_languages off


#### BANDWIDTH LIMITS ####
delay_pools 2
delay_class 1 4
delay_class 2 4

delay_parameters 1 -1/-1 -1/-1 -1/-1 102400/102400
delay_access 1 allow !ext_name_a_passed
delay_parameters 2 -1/-1 -1/-1 -1/-1 2097152/10500000
delay_access 2 allow ext_name_a_passed


#### CACHE ####
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern .        0    20%    4320


#### ANONYMITY FILTER ####
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

#### VARIOUS ####
ftp_user some_ftp_user

request_header_max_size 128 KB
reply_header_max_size 128 KB

snmp_port 6789
snmp_access allow snmppublic localnet
snmp_access deny all

shutdown_lifetime 2 seconds

dns_v4_first on
client_db off

#### IP PORT CONFIG ####
http_port 192.168.0.1:3456

acl port80 localport 80
acl port443 localport 443

http_port external_ip:80

acl ext_ip localip external_ip

tcp_outgoing_address external_ip ext_ip port80
tcp_outgoing_address external_ip ext_ip port443

cache_mem 250 MB


On 04.02.2016 16:27, Stefan Hölzle wrote:
> Thanks for the hint.
>
> I switched client_db off. As expected, I don't get any report for
> client_list in the cachemanager anymore.
>
> However squid still does PTR lookups.
>
> On 04.02.2016 16:09, Yuri Voinov wrote:
>> #  TAG: client_db    on|off
>> #    If you want to disable collecting per-client statistics,
>> #    turn off client_db here.
>> #Default:
>> # client_db on
>>
>> Feel free to read squid.conf.documented before.
>>
>> 04.02.16 21:06, Stefan Hölzle wrote:
>>> On 04.02.2016 14:22, Amos Jeffries wrote:
>>>> On 5/02/2016 12:41 a.m., Stefan Hölzle wrote:
>>>>> Hello,
>>>>>
>>>>> I'm using a squid configured as proxy.
>>>>> According to the cache log, squid is doing a reverse DNS lookup for
>>>>> client IPs:
>>>>>
>>>>> 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42
>>>>> bytes for SOME_SOURCE_IP
>>>>>
>>>>> I'm only using the following configuration parameters that might be
>>>>> relevant for this issue.
>>>>> external_acl_type
>>>>> acl aclname src
>>>>> acl aclname dst
>>>>> acl aclname dstdom_regex
>>>>> acl aclname port
>>>>> acl aclname proxy_auth
>>>>> acl aclname external
>>>>> acl aclname url_regex
>>>>>
>>>>> Any ideas why squid is doing PTR lookups anyway?
>>>> Because that list is incomplete.
>>>>
>>>> The format parameters for external_acl_type, any *_extras rules for
>>>> helper formats, and logformat rules also may make use of the client
>>>> hostname (if any).
>>>>
>>>> Also, anyone viewing the cachemanager clientdb report will trigger some
>>>> as the report is generated.
>>>>
>>>> Amos
>>>>
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>> Thanks for the quick reply Amos.
>>>
>>> * Used formats for external_acl_type are: %LOGIN, %SRC
>>> * There are no *_extras rules defined (store_id_extras
>>> <http://www.squid-cache.org/Doc/config/store_id_extras/>, url_rewrite_extras
>>> <http://www.squid-cache.org/Doc/config/url_rewrite_extras/>)
>>> * logformat defaults are used (there should be nothing in there
>>> responsible for a PTR lookup)
>>>
>>> I guess it's the cachemanager then.
>>> There are actually PTR results listed in the client_list of the
>>> cachemanager.
>>>
>>> I tried blocking access to the cachemanager by adding the following rule:
>>> http_access deny manager
>>>
>>> However, squid still does PTR lookups.
>>> How can I prevent the clientdb reports from being generated?
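
An added example, not code from the thread or from the squid project: a small script that does the two things one would do next with the information above. It counts, per address, the "idnsPTRLookup: ... buf is N bytes for <addr>" lines that cache.log carries when debug_options covers section 78 at level 3 (the line format quoted at the top of the thread), separates out the RFC 1918, loopback and link-local addresses whose PTR queries disclose internal addressing to the resolver and anything upstream of it, and scans a squid.conf for the directives that squid.conf.documented ties to the client's hostname: srcdomain/srcdom_regex, %>A in logformat, log_fqdn, and client_db (which feeds the cachemgr client_list report Amos mentions). The log lines and the config inside the block are constructed for the example; the timestamp and "kid1|" prefix on the log lines is an assumption about the cache.log layout, which is why the pattern only anchors on the tail of the line. The directive list is a starting point, not a complete catalogue; helper format strings still need reading by hand.

```python
"""Which client addresses is Squid reverse-resolving, and what in squid.conf
could be asking for it?  Added example for this thread; not squid project code.

Part 1 parses the "idnsPTRLookup: ... buf is N bytes for <addr>" lines that
cache.log carries with `debug_options ALL,1 78,3`.  Part 2 scans a squid.conf
for directives that need the client's hostname.  All sample data below is
constructed; the "<timestamp> kid1|" prefix is an assumption about the
cache.log layout, so the regex anchors on the tail of the line only.
"""
import ipaddress
import re
from collections import Counter

# Tail of the cache.log line quoted in the thread.
PTR_RE = re.compile(r"idnsPTRLookup: buf is \d+ bytes for (\S+)\s*$")

# Directives that reverse-resolve the client address.  srcdomain/srcdom_regex
# match on the client's hostname; %>A is the logformat code for the client FQDN
# and log_fqdn is its pre-3.2 spelling; client_db itself only stores per-client
# stats, but the cachemgr client_list report built from it resolves names.
# Starting point only: helper format strings (external_acl_type, *_extras)
# are not covered and need a manual look.
CLIENT_FQDN_PATTERNS = {
    "srcdomain/srcdom_regex ACL": re.compile(r"^\s*acl\s+\S+\s+srcdom(ain|_regex)\b"),
    "logformat with %>A (client FQDN)": re.compile(r"^\s*logformat\b.*%>A\b"),
    "log_fqdn on": re.compile(r"^\s*log_fqdn\s+on\b"),
    "client_db on (cachemgr client_list resolves names)": re.compile(r"^\s*client_db\s+on\b"),
}

# Address ranges whose PTR queries leak internal addressing if they leave the
# site's resolver.  Listed explicitly rather than via ip.is_private, which also
# flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample: four PTR lookups for three addresses plus an unrelated line.
SAMPLE_CACHE_LOG = """\
2016/02/04 14:22:01.113 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for 192.168.0.55
2016/02/04 14:22:01.120 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for 192.168.0.55
2016/02/04 14:22:02.004 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42 bytes for 192.168.0.77
2016/02/04 14:22:03.500 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 40 bytes for 203.0.113.9
2016/02/04 14:22:03.501 kid1| 33,2| client_side.cc(2345) clientReadRequest: unrelated line
""".splitlines()

# Constructed sample config with three hostname-dependent directives in it.
SAMPLE_CONF = """\
acl localnet src 192.168.0.0/24
acl office srcdom_regex -i \\.corp\\.example$
logformat privacy %ts.%03tu %>a %>A %rm %ru
client_db off
log_fqdn on   # leftover from an older config
http_access allow localnet
""".splitlines()


def ptr_lookups(cache_log_lines):
    """Count PTR lookups per address from cache.log debug lines."""
    counts = Counter()
    for line in cache_log_lines:
        m = PTR_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def internal_addresses(counts):
    """Subset of the counted addresses that fall in INTERNAL_NETS.  Entries
    that are not parseable addresses (e.g. a redacted placeholder) are skipped."""
    out = {}
    for addr, n in counts.items():
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        if any(ip in net for net in INTERNAL_NETS):
            out[addr] = n
    return out


def audit_conf(conf_lines):
    """Return (line number, label, directive) for each hostname-dependent
    directive found.  '#' comments are stripped first so a commented-out
    directive is not reported."""
    findings = []
    for lineno, line in enumerate(conf_lines, 1):
        code = line.split("#", 1)[0]
        for label, rx in CLIENT_FQDN_PATTERNS.items():
            if rx.search(code):
                findings.append((lineno, label, code.strip()))
    return findings


if __name__ == "__main__":
    counts = ptr_lookups(SAMPLE_CACHE_LOG)
    for addr, n in counts.most_common():
        print(f"{n:4d}  {addr}")
    print("internal:", internal_addresses(counts))
    for lineno, label, directive in audit_conf(SAMPLE_CONF):
        print(f"squid.conf:{lineno}: {label}: {directive}")
```

With the constructed samples it reports two internal addresses and three config findings; for a real instance, feed `ptr_lookups` the lines of /var/log/squid/cache.log (after setting debug_options ALL,1 78,3 and reconfiguring) and `audit_conf` the actual squid.conf. Lookups that keep appearing for addresses the audit cannot explain point at the remaining suspects in Amos's list, the helper format strings and the cachemgr report.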
