On Wed, 2006-02-01 at 14:14 +0000, Mark Sansome wrote: > On Wed, Feb 01, 2006 at 05:39:52AM -0600, David P.C. Wollmann wrote: > > > > It looks like host(1) fetched the right answer from /etc/hosts and then > > queried two DNS servers, which probably should have given the same > > answer, but didn't. Generally, as long as /etc/hosts gives the right > > answer you won't be asking the DNS servers for the information. > > Thanks. > > Given that there is only one line in my /etc/hosts file why would it be > looking > for two other DNS servers? Where would I find the information to tell me > what's > leading it astray?
Hostname resolution is configured in another file, probably /etc/resolv.conf. There are probably several lines with 'nameserver IP ADDRESS' where IP ADDRESS is the address of a DNS server. > > > > > The reason I asked for this information is that you specified a > > squidGuard redirect to an httpd listening on localhost, but the error > > squid gave you referred to a URI with a LAN address. Try having your > > httpd listen on the LAN address as well as localhost and see if that > > makes a difference. > > > > Ermmm.. How do I do that? (Sorry to be so lame). To answer both questions, above and below: you need to redirect the request to an http server somewhere that will run squidGuard.cgi to satisfy the redirect request. That server should be listening on an interface that other machines on your LAN can reach, because they'll be sending requests to it when their requests are blocked. > > > > > Having played around with things a bit now I realise that I was working under > a misaprehension. > > Let me ask the question this way... > > Does squidGuard *have* to use the "Redirect > http://whetever.com/cgi-bin/squidGuard.cgi+etc...."; > directive when it blocks a site? When I use squid on its own without > squidGuard - with some simple > acl rules set up - squid quite successfully blocks access to those sites and > puts up a screen with > an "access denied" message. Those messages are simple files held in the > "errors" directory. > > In my naivity I assumed that once squidGuard was in charge it would block a > site and pass the > instruction to squid which would put up its "access denied" message. > > It doesn't seem to work this way however. Only when I have the "Redirect > http://.....squidGuard.cg1....etc.."; > does it actually block the site, but the screen shows a "Connection Failed" > error message. In other words it > can't process the squidGuard.cgi script. > > I have tried both : > http://localhost/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u > and > http://192.168.123.101/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u > > as the redirect addresses. > > > I thought then that I would point the Redirect line to the file that squid > uses in the "errors" > directory - or create my own - e.g. Redirect > file:///192.168.123.101/path_to_file/Bad_Boy_Site_Blocked.html > but that simply doesn't work. > > If however I point it to an external site - e.g. Redirect > http://www.google.com then any banned site > is correctly bounced to google - so I am now confident that squidguard is > working as it should. > > So it seems that my only real problem is being able to redirect to a cgi > script or file on my own > computer which at the moment is failing with a "connection refused" error. > Will your above suggestion > enable that? > > Thanks for your help > > Mark > -- David P.C. Wollmann AIM & Yahoo!: converter42 | MSN Messenger: [EMAIL PROTECTED] PGP Fingerprint: 53C8 BF29 9AF0 EEE8 85DB 8D1C 14B1 023E 9079 CAD8 Get free PKCS client and server certificates at http://www.cacert.org/
