Squid allow short names for local sites
In my transparent web proxy, I wanted to make it so I could still visit http://server2:631 for my local CUPS instance. Even with the hosts_file configured in squid.conf, Squid does not accept short hostnames that can be resolved. What you can do is configure Squid to append your domain to unqualified domain names, and configure an ACL with all the local host names. Set up squid.conf with these additional entries:
append_domain .ipa.example.com
acl localdst dstdomain "/etc/squid/axfr.txt"
always_direct allow localdst
And you need a command to populate that axfr.txt file. Thankfully, I run my own DNS and I left zone transfers on (security considerations notwithstanding). So here are my comments around what is basically a one-liner.
And as described, I have a cron entry.
0 * * * * root /mnt/public/Support/Systems/vm4/usr/local/bin/squid_local_hosts.sh 2>/dev/null 1>/etc/squid/axfr.txt
Now, I haven't been running this long enough and with enough network changes to test things fully, so I don't know if squid will dynamically read the new axfr.txt contents should they change. I seriously doubt it. So one could probably adjust the service script or systemd unit to have a pre-exec hook of running the same contents as the cronjob. And now I can reach my cups instance without having to type in the full hostname, and without setting up client-side exceptions for using the proxy. I realize this whole thing is not very KISS, but it's fun anyways.
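One way to build and install axfr.txt from a zone transfer, as an added example that is not the author's script. It assumes the zone ipa.example.com from the append_domain line, a hypothetical DNS server name ns1, constructed sample records, and that the ACL should hold fully qualified names. The list is installed only when the transfer returned entries, and squid -k reconfigure makes Squid re-read its configuration.

```shell
#!/bin/bash
# Added example, not the post's script. ZONE comes from the post's
# append_domain line; the server name ns1 below is hypothetical.
ZONE="ipa.example.com"

# Read `dig axfr` records on stdin, print one FQDN per line.
# Keeps A/AAAA/CNAME owner names inside $ZONE only, and rejects
# wildcards or anything that is not a plain hostname, so a bad
# record cannot put arbitrary text into the ACL file.
axfr_to_dstdomain() {
    awk -v zone="$ZONE" '
        $3 == "IN" && ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") {
            name = tolower($1)
            sub(/\.$/, "", name)            # strip the trailing root dot
            if (name !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) next
            if (substr(name, length(name) - length(zone)) != "." zone) next
            print name
        }' | sort -u
}

# Write the list to file $1 only when the transfer produced entries.
# A failed transfer then keeps the previous ACL instead of emptying it
# (the cron redirect truncates the file before the script even runs).
install_acl() {
    local dest="$1" tmp
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1
    axfr_to_dstdomain > "$tmp"
    if [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample of zone-transfer output (not from the post).
SAMPLE='ipa.example.com. 86400 IN SOA ns1.ipa.example.com. admin.ipa.example.com. 1 3600 900 1209600 3600
server2.ipa.example.com. 86400 IN A 192.0.2.12
Server2.ipa.example.com. 86400 IN AAAA 2001:db8::12
cups.ipa.example.com. 86400 IN CNAME server2.ipa.example.com.
*.ipa.example.com. 86400 IN A 192.0.2.99
_ldap._tcp.ipa.example.com. 86400 IN SRV 0 100 389 server2.ipa.example.com.
www.example.org. 86400 IN A 192.0.2.50'
printf '%s\n' "$SAMPLE" | axfr_to_dstdomain

# Real use, replacing the redirect in the cron line:
#   dig +noall +answer axfr "$ZONE" @ns1 | install_acl /etc/squid/axfr.txt \
#       && squid -k reconfigure
```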