[squid-users] Reverse DNS Lookup for client IPs
Stefan Hölzle
stefan at hoelzle.work
Thu Feb 11 14:31:48 UTC 2016
Maybe my squid.conf will help to solve this.
I checked this configuration with "squid -k check".
squid.conf (external_ip, /opt/some_program and /etc/squid/file.list must be corrected):
#### AUTHENTICATION ####
external_acl_type ext_name_a %LOGIN /opt/some_program ext_name_a_arg
external_acl_type ext_name_c %LOGIN %SRC /opt/some_program ext_name_c_arg
auth_param digest program /opt/some_program digestauth
auth_param digest realm Hello
auth_param digest children 1 startup=1 idle=1 concurrency=500
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 5000
auth_param digest check_nonce_count off
#### ACL ####
acl localnet src 192.168.0.0/24
acl to_localnet dst 192.168.0.0/24
acl CONNECT_allowexceptions dstdom_regex -i some_domain$
acl CONNECT_Safe_ports port 443
acl CONNECT method CONNECT
acl snmppublic snmp_community public
acl auth_passed proxy_auth REQUIRED
acl ext_name_c_passed external ext_name_c
acl ext_name_a_passed external ext_name_a
# special exceptions
acl special_url url_regex some_regex
http_access deny special_url
deny_info 200:ERR_PAGE_NAME special_url
# special rules
acl some_rule dstdom_regex -i some_regex
acl ext_list dstdom_regex -i "/etc/squid/file.list"
#### ACCESS ####
http_access allow manager localnet
http_access deny manager
http_access allow CONNECT CONNECT_allowexceptions
http_access deny CONNECT !CONNECT_Safe_ports
http_access deny to_localhost
http_access deny to_localnet
http_access deny special_url
http_access deny ext_list
http_access allow localnet
http_access allow localhost
http_access allow some_rule
# activate additional external acls
http_access allow ext_name_a_passed !all
http_access deny !ext_name_c_passed
http_access allow auth_passed
http_access deny all
deny_info 403:ERR_ACCESS_DENIED ext_name_c_passed
#### LOGS ####
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid
strip_query_terms off
error_log_languages off
#### BANDWIDTH LIMITS ####
delay_pools 2
delay_class 1 4
delay_class 2 4
delay_parameters 1 -1/-1 -1/-1 -1/-1 102400/102400
delay_access 1 allow !ext_name_a_passed
delay_parameters 2 -1/-1 -1/-1 -1/-1 2097152/10500000
delay_access 2 allow ext_name_a_passed
#### CACHE ####
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
#### ANONYMITY FILTER ####
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#### VARIOUS ####
ftp_user some_ftp_user
request_header_max_size 128 KB
reply_header_max_size 128 KB
snmp_port 6789
snmp_access allow snmppublic localnet
snmp_access deny all
shutdown_lifetime 2 seconds
dns_v4_first on
client_db off
#### IP PORT CONFIG ####
http_port 192.168.0.1:3456
acl port80 localport 80
acl port443 localport 443
http_port external_ip:80
acl ext_ip localip external_ip
tcp_outgoing_address external_ip ext_ip port80
tcp_outgoing_address external_ip ext_ip port443
cache_mem 250 MB
On 04.02.2016 16:27, Stefan Hölzle wrote:
> Thanks for the hint.
>
> I switched client_db off. As expected, I don't get any report for
> client_list in the cachemanager anymore.
>
> However squid still does PTR lookups.
>
> On 04.02.2016 16:09, Yuri Voinov wrote:
>>
>> # TAG: client_db on|off
>> # If you want to disable collecting per-client statistics,
>> # turn off client_db here.
>> #Default:
>> # client_db on
>>
>> Feel free to read squid.conf.documented before.
>>
>> 04.02.16 21:06, Stefan Hölzle wrote:
>>> On 04.02.2016 14:22, Amos Jeffries wrote:
>>>> On 5/02/2016 12:41 a.m., Stefan Hölzle wrote:
>>>>> Hello,
>>>>>
>>>>> I'm using a squid configured as proxy.
>>>>> According to the cache log, squid is doing a reverse dns lookup for
>>>>> client ips:
>>>>>
>>>>> 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 42
>>>>> bytes for SOME_SOURCE_IP
>>>>>
>>>>> I'm only using the following configuration parameters that might be
>>>>> relevant for this issue.
>>>>> external_acl_type
>>>>> acl aclname src
>>>>> acl aclname dst
>>>>> acl aclname dstdom_regex
>>>>> acl aclname port
>>>>> acl aclname proxy_auth
>>>>> acl aclname external
>>>>> acl aclname url_regex
>>>>>
>>>>> Any ideas why squid is doing PTR lookups anyway ?
>>>> Because that list is incomplete.
>>>>
>>>> The format parameters for external_acl_type, any *_extras rules for
>>>> helper formats, and logformat rules also may make use of the client
>>>> hostname (if any).
>>>>
>>>> Also, anyone viewing the cachemanager clientdb report will trigger some
>>>> as the report is generated.
>>>>
>>>> Amos
>>>>
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>> Thanks for the quick reply Amos.
>>>
>>> * Used formats for external_acl_type are: %LOGIN, %SRC
>>> * There are no *_extras rules defined (store_id_extras
>>> <http://www.squid-cache.org/Doc/config/store_id_extras/>, url_rewrite_extras
>>> <http://www.squid-cache.org/Doc/config/url_rewrite_extras/>)
>>> * logformat defaults are used (there should be nothing in there
>>> responsible for a ptr lookup)
>>>
>>> I guess it's the cachemanager then.
>>> There are actually PTR results listed in the client_list of the
>>> cachemanager.
>>>
>>> I tried blocking access to the cachemanager by adding the following rule:
>>> http_access deny manager
>>>
>>> However, squid still does PTR lookups.
>>> How can I prevent the clientdb reports to be generated ?
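Amos's answer above lists the places where Squid needs the client *hostname* rather than its IP (and so issues PTR queries): external_acl_type formats, *_extras rules, logformat codes, and the cachemanager clientdb report. The following script is an added example written for this page; it is not from the squid-users thread or from the Squid project. It scans a squid.conf text for the directives that, per Squid's documented ACL types and logformat codes, resolve client addresses to names. The trigger table is an assumption drawn from that documentation (srcdomain / srcdom_regex ACLs, the pre-3.2 log_fqdn directive, the %>A logformat code, and client_db left on); the two config excerpts are constructed samples, one of them modelled on the config posted above.

```python
"""Audit a squid.conf for directives that make Squid do reverse (PTR)
lookups on client addresses.

Added example for this thread, not Squid project code.  The TRIGGERS
table is an assumption based on Squid's documented ACL types and
logformat codes; extend it for your own deployment.
"""

# Each entry: (description, predicate over the tokenised, comment-stripped line).
TRIGGERS = [
    ("acl srcdomain matches the client's PTR name",
     lambda t: t[0] == "acl" and len(t) > 2 and t[2] == "srcdomain"),
    ("acl srcdom_regex matches the client's PTR name",
     lambda t: t[0] == "acl" and len(t) > 2 and t[2] == "srcdom_regex"),
    ("log_fqdn on (Squid before 3.2) writes the client FQDN to access.log",
     lambda t: t[0] == "log_fqdn" and len(t) > 1 and t[1].lower() == "on"),
    ("logformat code %>A writes the client FQDN",
     lambda t: t[0] == "logformat" and any("%>A" in tok for tok in t[2:])),
    ("client_db on keeps per-client stats; the cachemanager client_list "
     "report resolves them to names",
     lambda t: t[0] == "client_db" and len(t) > 1 and t[1].lower() == "on"),
]


def scan(conf_text):
    """Return [(line_no, description)] for every line that can trigger a
    PTR lookup.  If client_db is never set, a synthetic finding at line 0
    records that the default (on) applies."""
    findings = []
    client_db_set = False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Strip trailing comments and blank lines; Squid uses '#' comments.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "client_db":
            client_db_set = True
        for desc, hit in TRIGGERS:
            if hit(tokens):
                findings.append((no, desc))
    if not client_db_set:
        findings.append((0, "client_db not set: the default is on"))
    return findings


# Constructed sample in the style of the config posted above: client_db is
# explicitly off and no name-based client ACLs are used, so nothing fires.
CONF_QUIET = """\
#### ACL ####
acl localnet src 192.168.0.0/24
acl ext_list dstdom_regex -i "/etc/squid/file.list"
http_access allow localnet
client_db off
"""

# Constructed sample with three explicit triggers and client_db left at
# its default.
CONF_NOISY = """\
acl office srcdomain .corp.example
logformat withfqdn %ts.%03tu %>A %rm %ru
access_log /var/log/squid/access.log withfqdn
log_fqdn on
"""

if __name__ == "__main__":
    for name, conf in (("quiet", CONF_QUIET), ("noisy", CONF_NOISY)):
        print(name)
        for no, desc in scan(conf):
            print(f"  line {no}: {desc}")
```

Run it against your own file with `scan(open("/etc/squid/squid.conf").read())`. Note that `dst`-type ACLs (dst, dstdomain, dstdom_regex) cause forward lookups of destination names, not PTR queries on clients, so the scanner deliberately ignores them; and, as the thread shows, a clean result from a static scan does not rule out lookups triggered at runtime, for instance when someone views the cachemanager report.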