還是請教一個關於SQUID泛域名解析問題!
我已經在 acl 規則中 寫入了 acl extention-domainname .test.com
然後並沒有修改HOSTS文件里的對應關係! 但是我訪問頁面的時候,仍然提示被SQUID3.0阻隔!!
請問有沒有辦法把這個查詢直接轉發到我的DNS,而不是本機的HOSTS文件,因為這樣以來,我添加其它域名的時候,工作量將會非常大。
謝謝各位 給點點提示吧!
《解決方案》
我現在添加了如下語句,照說是可以成功的 ,但仍然沒有效果:
acl d-domains .test.com
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=edns
cache_peer_access edns allow d-domains
但如果我添加以下語句,那麼指定域名又可以訪問
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=masterweb
cache_peer_domain masterweb www.test.com
《解決方案》
我把我的配置貼出來吧!
http_port 80 vhost vport=80
#set port on 80
acl apache rep_header Server ^Apache
#
#broken_vary_encoding allow apache
cache_mem 512 MB
#use memory size
maximum_object_size 409600 KB
#no cache the file that over object_size
minimum_object_size 0 KB
#less than the object_size no cache
maximum_object_size_in_memory 512 KB
#the max file could cache in the memory
cache_dir ufs /var/spool/squid 20480 16 256
#cache directory
cache_swap_low 80
#when the swap operating factor less than 80%,begin instead
cache_swap_high 97
strip_query_terms off
request_header_max_size 10 kb
request_body_max_size 0 kb
#
memory_pools on
memory_pools_limit 150 MB
#
access_log none
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
#hosts_file /etc/hosts
#dns_nameservers 192.168.1.4
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i www\.test\.com 1440 100% 1440 ignore-reload
refresh_pattern -i test\.com 1440 100% 1440 ignore-reload
refresh_pattern -i \.gif$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.jpg$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.rar$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.html$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.swf$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.png$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i \.bmp$ 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern . 120 50% 1440
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl d-localhost src 127.0.0.1/255.255.255.255
acl s-localhost dst 127.0.0.0/8
acl p-ssl port 433 563
acl p-safe port 21 80 443 563
acl m-conn method CONNECT
acl m-purge method PURGE
acl n-maxconn maxconn 15
acl d-domains1 dstdomain test.com
acl d-domains dstdomain .test.com
acl CONNECT method CONNECT
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=masterweb
cache_peer_domain masterweb www.test.com
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=edns
#cache_peer_domain edns .test.com
cache_peer_access edns allow d-domains
http_access allow manager d-localhost
http_access allow m-purge
http_access allow manager
http_access allow d-domains1
http_access allow d-domains
http_access deny !p-safe
http_access deny m-conn !p-ssl
http_access deny n-maxconn
http_access deny all
http_reply_access allow all
acl r-url urlpath_regex realtime
cache deny r-url
icp_access allow all
#follow_x_forwarded_for allow all
#acl_uses_indirect_client offrange_offset_limit -1
dns_timeout 6 seconds
forward_timeout 10 seconds
connect_timeout 10 seconds
peer_connect_timeout 6 seconds
read_timeout 10 seconds
request_timeout 6 seconds
persistent_request_timeout 16 seconds
cache_mgr net17sharplau@163.com
cache_effective_user nobody
cache_effective_group nobody
visible_hostname cache.test.com
logfile_rotate 0
always_direct allow all
error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir /var/spool/squid
delay_pools 1
#define a pool
delay_class 1 1
#define a pool class
delay_access 1 allow all
#allow all the access in class 1
delay_parameters 1 128000/128000
#set a limit 128k/s
delay_initial_bucket_level 50
#root Squid,init the bandwidth of the pool use
《解決方案》
192.168.原帖由 shawnlau 於 2008-9-27 12:49 發表 http://bbs.chinaunix.net/images/common/back.gif
我現在添加了如下語句,照說是可以成功的 ,但仍然沒有效果:
acl d-domains
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=edns
cache_peer_access edns allow d-domains
但 ...
你的問題幫你搞定了,我有兩種實現方式
第一種方法
http_port 80 transparent
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=edns
cache_peer_domain edns .test.com
這個是第一種實現方式,舉例
clienthosts內容192.168.1.3 a.test.com b.test.com
squid上不用添加hosts,然後client訪問ie這兩個域名可以完美的訪問到後端伺服器,下面說第二種方法
http_port 80 accel vport vhost
cache_peer 192.168.1.3 parent 80 0 no-query originserver name=edns
cache_peer_domain edns .test.com
client設置同上,這兩種都可以實現你說的,我自己虛擬機上實地測試的,有問題互相討論
《解決方案》
哦 非常感謝啊! 按照你的說法,我終於也實現了泛域名解析功能了。
希望以後有問題 大家再多多交流哦!