[squid-users] Unable to access internal resources via hostname
Piana, Josh
Josh.Piana at hexcel.com
Wed Aug 28 15:24:26 UTC 2024
Squid Forums,
Here's the log and (I think) relevant ACL's?
-----------------------------------------------------------------------------------------------------------
# /var/log/squid/access.log results for internal conflicts
28/Aug/2024:10:57:17 -0400.234 10.46.49.190 TCP_DENIED/407 4132 CONNECT hexcelssp:443 - HIER_NONE/- text/html
28/Aug/2024:10:57:17 -0400.253 10.46.49.190 NONE_NONE/500 0 CONNECT hexcelssp:443 JPIANA at AD.<DOMAIN>.COM HIER_NONE/- -
28/Aug/2024:10:57:17 -0400.380 10.46.49.190 TCP_DENIED/407 4132 CONNECT hexcelssp:443 - HIER_NONE/- text/html
28/Aug/2024:10:57:17 -0400.399 10.46.49.190 NONE_NONE/500 0 CONNECT hexcelssp:443 JPIANA at AD.<DOMAIN>.COM HIER_NONE/- -
-----------------------------------------------------------------------------------------------------------
# acl all src all
acl src_self src 127.0.0.0/8
acl src_self src 10.46.11.69
acl dst_self dst 127.0.0.0/8
acl dst_self dst 10.46.11.69
acl from_arc src 10.46.0.0/15
acl local_dst_addr dst 10.0.0.0/8
acl local_dst_addr dst 172.0.0.0/8
acl local_dst_addr dst bldg3.<domain>.com
acl local_dst_addr dst bldg5.<domain>.com
# these keep URLs of popular local servers from being forwarded
acl local_dst_dom dstdomain arcgate
# allow connects to local destinations without authentication
# by domain name from URL
http_access allow local_dst_dom
http_reply_access allow local_dst_dom
# by IP address name resolves to
http_access allow local_dst_addr
http_reply_access allow local_dst_addr
# allow trusted hosts without authentication
# these are just ip's on the 10.46.11.x network
acl authless_src src "/etc/squid/authless_src"
http_access allow authless_src
http_reply_access allow authless_src
-----------------------------------------------------------------------------------------------------------
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Matus UHLAR - fantomas
Sent: Wednesday, August 28, 2024 10:47 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On 28.08.24 14:20, Piana, Josh wrote:
>Hello Squid Support,
This squid user forum FYI
> We are unable to get to internal resources via hostname but using the
> IP address works fine. Immediately, I thought this was DNS but when I
> checked the /etc/resolv.conf/ file it was pointing correctly to our
> Windows DNS server and we can ping all devices using their hostname,
> just not when browsing to it. This leads me to believe something may
> be wrong with our squid config.
hard to guess without seeing logs or ACL's.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list