On Thursday 05 June 2003 08.32, Denis Tatarskikh wrote: > Please, hint, how should I address the problem and get dst based > tcp_outgoing_address determination work properly, as I expect it?
The problem with using dst acls in tcp_outgoing_address is that it cannot wait for the DNS lookup to complete. If you can then it is better to use dstdomain. Alternatively you can improve the situation somewhat by making sure the dst acl is used in http_access acl do_dns_lookup dst 0.0.0.0/32 http_access deny do_dns_lookup But even with this there may be a few false negatives in tcp_outgoing_address if the ttl of the address expires inbetween when http_access and tcp_outgoing_address is processed by Squid. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
