Article delegate-en/3977 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3975@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegated reload very slow most of time.
19 May 2008 03:32:36 GMT "David Wang" <pomhqbdyi-j73qrjjcemlr.ml@ml.delegate.org>


Hi Yutaka,

I tried the lightest way, but it's not working. The command and config
details are:
Command: /home/delegate/dgroot/bin/delegated -P443 SERVER=https
+=/home/delegated/dgroot/etc/delegate_https.cfg 
delegate_https.cfg:
...
PERMIT=https:{127.0.0.1:8080}:*.https.clients	;before is
PERMIT=https:{127.0.0.1:8080}:+=permitted_clients.cfg
PERMIT=https:{203.39.18.5:8080}:*.https.clients	; before is
PERMIT=https:{203.39.18.5:8080}:+=permitted_clients.cfg
And /etc/hosts:
...
192.168.3.30	000-000-0-0X.https.clients
The log file is:
05/19 12:30:22.86 [2020] 0+0: ext[13]
PERMIT=https:{127.0.0.1:8080}:*.https.clients
05/19 12:30:22.86 [2020] 0+0: ext[14]
PERMIT=https:{203.39.18.5:8080}:*.https.clients
05/19 12:30:22.86 [2020] 0+0: arg[2] SERVER=https
05/19 12:30:22.88 [2020] 0+0: DELEGATE_Modified[1]: 4830e63e
05/19 12:30:22.88 [2020] 0+0: --INITIALIZATION DONE: 8.11.5 on
Linux/2.6.9-22.EL--
05/19 12:30:27.32 [2022] 1+0: -- Fork(OnetimeServer): 2020 -> 2022
05/19 12:30:27.32 [2022] 1+0: (0) accepted [41]
-@[192.168.3.31]192.168.3.31:3397 (0.005s)(1)
05/19 12:30:27.32 [2023] 1+0: -- Fork(FCL): 2022 -> 2023
05/19 12:30:27.32 [2023] 1+0: #### execFilter[FCL]
[/home/delegate/dgroot/lib/sslway]sslway
05/19 12:30:27.32 [2023] 1+0: gethostbyname(-) unknown[0.00s] 
05/19 12:30:27.32 [2022] 1+0: PATH:
https://-:443!management.test.firstwave.com.au:443!192.168.3.31:3397!anonymo
us@192.168.3.31;1211
164227
05/19 12:30:27.40 [2022] 1+0: Proxy: host=192.168.3.31; User-Agent:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.
4322; .NET CLR 2.0.50727); DIRECT
05/19 12:30:27.40 [2022] 1+0: HCKA:[0] Keep-Alive; host=192.168.3.31;
(User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1
; .NET CLR 1.1.4322; .NET CLR 2.0.50727))
05/19 12:30:27.40 [2022] 1+0: REQUEST - GET
/mgmt/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.40 [2022] 1+0: *** /mgmt/iCan/iCanView?Node=icguinode.login
=> http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.l
ogin ***
05/19 12:30:27.40 [2022] 1+0: REQUEST +M
http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.40 [2022] 1+0: *** /mgmt/iCan/iCanView?Node=icguinode.login
=> http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.l
ogin ***
05/19 12:30:27.40 [2022] 1+0: PATH>
http://203.39.18.5:8080!management.test.firstwave.com.au:443!192.168.3.31:33
97!anonymous@192.168
.3.31;1211164227
05/19 12:30:27.40 [2022] 1+0: REQUEST = [http://203.39.18.5:8080/] GET
/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.41 [2022] 1+0: E-P: No permission: 192.168.3.31:3397 =>
http://203.39.18.5:8080 (unmatch PERMIT)
05/19 12:30:27.41 [2022] 1+0: bind_insock(13,203.39.18.32,0) = 0, errno=0

When I tried including RES_VRFY="" together with above line command, the
browser got general error message: "can't dispay the webpage error", the log
is as below,  
05/19 12:33:18.12 [2059] 0+0: ext[13]
PERMIT=https:{127.0.0.1:8080}:*.https.clients
05/19 12:33:18.12 [2059] 0+0: ext[14]
PERMIT=https:{203.39.18.5:8080}:*.https.clients
05/19 12:33:18.12 [2059] 0+0: arg[2] SERVER=https
05/19 12:33:18.12 [2059] 0+0: arg[3] RES_VRFY=
05/19 12:33:18.12 [2059] 0+0: DELEGATE_Modified[1]: 4830e6ee
05/19 12:33:18.12 [2059] 0+0: --INITIALIZATION DONE: 8.11.5 on
Linux/2.6.9-22.EL--
05/19 12:33:55.86 [2062] 1+0: -- Fork(OnetimeServer): 2059 -> 2062
05/19 12:33:55.87 [2062] 1+0: (0) accepted [32]
-@[192.168.3.31]000-000-0-0X.https.clients:3405 (0.005s)(1)
05/19 12:33:55.87 [2063] 1+0: -- Fork(FCL): 2062 -> 2063
05/19 12:33:55.87 [2063] 1+0: #### execFilter[FCL] sslway
05/19 12:33:55.87 [2063] 1+0: gethostbyname(-) unknown[0.00s] 
/bin/sh: sslway: command not found
05/19 12:33:55.88 [2062] 1+0: PATH:
https://-:443!management.test.firstwave.com.au:443!000-000-0-0X.https.client
s:3405!anonymous@192
-168-3-31.https.clients;1211164435
05/19 12:33:55.88 [2062] 1+0: HTTP empty_request ? from
000-000-0-0X.https.clients (1)
05/19 12:33:55.88 [2062] 1+0: disconnected [32]
-@[192.168.3.31]000-000-0-0X.https.clients:3405 (0.016s)(0)
05/19 12:33:55.88 [2062] 1+0: CFI process [2063] done (1/1 AFT-0)

Looking forward to hearing from you.

Great thanks.

Kind Regards
David

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Tuesday, 13 May 2008 2:06 PM
To: feedback@delegate.org
Cc: pomhqbdyi-j73qrjjcemlr.ml@ml.delegate.org
Subject: Re: [DeleGate-En] delegated reload very slow most of time.


Hi,

In message <_A3974@delegate-en.ML_> on 05/13/08(12:44:10) I wrote:
 |Maybe the easiest solution is resolving your clients not with DNS but
 |with local /etc/hosts file.  If the /etc/hosts file is not desirable
 |to be added, you can use your own hosts file (/tmp/myhosts for example)
 |and specify like RESOLV="file:/tmp/myhosts,nis,dns,sys".

And the lightest way to add new clients without restarting DeleGate is 
naming them with pseudo hostname in pseudo domain as "http.clients"
for example.

  PERMIT="http:server:*.http.clients"

And add the pseudo hostnames of clients into /etc/hosts like this:

  192.168.1.1  192-168-1-1.http.clients
  192.168.1.2  192-168-1-1.http.clients
  ...

In this case, the parameter RES_VRFY="" should be added to verify the
reverse resolution to avoid spoofing by DNS for "http.clients" domain.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

-------------------------------Safe Stamp-----------------------------------
Your Anti-virus Service scanned this email. It is safe from known viruses.
For more information regarding this service, please contact your service
provider.




  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V