I will have to double check. The server is offsite, so I will need to go and run some more tests. We have bypassed the issue by allowing users to connect directly to this address via the BorderManager child.
I am just pursuing this now in order to determine if this is actually a bug that needs fixing so it won't affect others in the future.

If http://webmail.company.com shows the IP as being the internal IP, would this suggest there is a bug with the https:// code? If http://webmail.company.com also shows the external IP, then the problem is elsewhere?

We are using squidGuard, but it is not actually blocking anything, just passing all traffic through unrestricted (Admin users).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Henrik Nordstrom
Sent: Wednesday, 5 February 2003 3:05 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid2.4 & /etc/hosts

What do you get in Squid access.log on a request for http://webmail.company.com/?

Are you using any redirectors?

Regards
Henrik

Jay Turner wrote:
>
> Hi Robert,
>
> Thanks for your reply. Checking the log file the CONNECT method is provided
> to squid with the hostname webmail.company.com however the IP address that
> is shown is the world address rather than the address specified in the
> /etc/hosts file.
>
> ie
> /etc/hosts entry: 10.14.12.122 webmail.company.com
> Browser Request: https://webmail.company.com
> Log Shows: 10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 -
> DIRECT/203.123.xxx.xxx -
>
> So you are saying this should work and is probably a bug?
>
> -----Original Message-----
> From: Robert Collins [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 5 February 2003 9:14 AM
> To: [EMAIL PROTECTED]
> Cc: Henrik Nordstrom; [EMAIL PROTECTED]
> Subject: RE: [squid-users] Squid2.4 & /etc/hosts
>
> On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
> > But it is maintained by Red Hat who backport any security patches to the 2.4
> > version they ship with 7.3.
> >
> > If you could please re-read my post you will note that I have recompiled
> > with --disable-internal-dns and it successfully references /etc/hosts for
> > http:// pages. My question relates to https:// pages and having squid do a
> > local lookup from somewhere for the IP address rather than fetching it from
> > the DNS (as it does with /etc/hosts for http:// requests).
>
> Which you probably can't do.
> If the CONNECT verb is provided to squid with an ip address rather than
> a hostname, no proxy can do what you are asking.
> If a hostname is provided, then the same host->ip lookup path is
> followed as for http:// requests.
>
> Check access.log. If you see CONNECT ipaddress:443 then you need to look
> at using a redirector to alter the requested IP address.
> If you see CONNECT hostname:443, then please log a bug in bugzilla.
>
> Rob
> --
> GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
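The access.log check discussed in this thread can be scripted. The following is an added example, not code from any of the posters or from the Squid project: it assumes the log field order of the line quoted in the thread, reuses that line and hosts entry as sample input, and adds one constructed line with an IP-literal CONNECT target. Function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Sample input: hosts entry and log line as quoted in the thread, plus one
# constructed line (documentation address) where the client sent an IP literal.
HOSTS = "10.14.12.122 webmail.company.com\n"
LOG = """\
10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 - DIRECT/203.123.xxx.xxx -
10.14.12.123 TCP_MISS/200 0 CONNECT 203.0.113.10:443 - DIRECT/203.0.113.10 -
"""

def parse_hosts(text):
    """Map every hostname or alias in hosts-file text to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def is_ip(value):
    try:
        return ipaddress.ip_address(value) is not None
    except ValueError:
        return False

def classify(line, hosts):
    """Return (target, verdict) for a CONNECT line, None for anything else."""
    tokens = line.split()
    # Find the result token (e.g. TCP_MISS/503); leading columns may vary.
    idx = next((i for i, t in enumerate(tokens)
                if re.fullmatch(r"[A-Z_]+/\d{3}", t)), None)
    if idx is None or len(tokens) < idx + 6 or tokens[idx + 2] != "CONNECT":
        return None
    target = tokens[idx + 3]
    host = target.rsplit(":", 1)[0].strip("[]")
    peer = tokens[idx + 5].partition("/")[2]   # address after DIRECT/
    if is_ip(host):
        return target, "ip-literal"            # no name for the proxy to look up
    expected = hosts.get(host.lower())
    if expected is None:
        return target, "hostname-not-in-hosts"
    # Hostname was sent: did the proxy connect to the hosts-file address?
    return target, ("hosts-honoured" if peer == expected else "hosts-ignored")

def report(log_text, hosts_text):
    hosts = parse_hosts(hosts_text)
    return [r for r in (classify(l, hosts) for l in log_text.splitlines()) if r]

if __name__ == "__main__":
    print(report(LOG, HOSTS))
```

A "hosts-ignored" verdict is the case where a hostname was sent but the connection went to a different address than the hosts entry; "ip-literal" is the case where the client supplied the address itself.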
