Re: [squid-users] Help with srcdomain and IP lookups instead of rDNS

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 27 Oct 2009 01:51:19 +1300

Mark Ruder wrote:
> Hello squiddies.
>
> I've configured squid/2.6.STABLE21, primarily to disallow Internet
> access when my users haven't done their timesheets. Since each
> machine is named after the user it was pretty easy for me to get the
> list of machines from DHCP, export and import into squid.conf - eg -
>
>
> acl username srcdomain username.internal.domain.com
>
> then
>
> http_access allow username
>
> I comment out the user's http_access entry when they haven't done
> their timesheet, put it back in again when complete. I've got 150
> acls each with srcdomain entries. Due to the hit I'm assuming I'd get
> with rDNS I've configured BIND on the server.
>
> My problem is that occasionally I'm seeing IP addresses popping up in
> my access.log file and that user is denied - however when I do an
> nslookup on that IP address I get the correct name back.
>
> The median DNS lookup time is
>
> DNS Lookups - 0.01535 0.03223
>
> Which I guess is fast.
>
> Does anyone have an idea on what my issue is? Too much srcdomain
> stuff going on? If so, can anyone think of a more efficient way to
> block users (without having to reserve all users in DHCP and block by
> IP address)?

Hmm, idea: use real authentication.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
   Current Beta Squid 3.1.0.14
Received on Mon Oct 26 2009 - 12:51:29 MDT
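
One way to apply the reply's suggestion to the setup in the question, as an added example that is not part of the original thread: identify users by proxy authentication and keep a file of usernames whose timesheets are complete, so the decision no longer rests on a reverse DNS lookup of the client address. The helper path, password file, list file and ACL name are assumptions; `ncsa_auth` is the Basic-auth helper name shipped with Squid 2.x.

```conf
# Added example, not from the thread. All paths and the ACL name
# "timesheet_done" are assumptions; adjust to the local install.

# Before (from the question): one srcdomain ACL per machine. Each match
# depends on a reverse DNS lookup of the client IP.
# acl username srcdomain username.internal.domain.com
# http_access allow username

# After: Basic authentication against an htpasswd-style file.
# Note: Basic credentials are base64-encoded on the wire, not encrypted.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Internet access
auth_param basic credentialsttl 2 hours

# One username per line. Remove a name while that user's timesheet is
# overdue, add it back when complete, then run: squid -k reconfigure
acl timesheet_done proxy_auth "/etc/squid/timesheet_done.txt"

# Authenticated users on the list get out; everyone else is denied.
# Ending on "deny all" (not on a proxy_auth ACL) avoids re-prompting
# a correctly authenticated user who is simply not on the list.
http_access allow timesheet_done
http_access deny all
```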
