Hi Yutaka,

I tried the lightest way, but it's not working. The command and config
details are:
Command: /home/delegate/dgroot/bin/delegated -P443 SERVER=https
+=/home/delegated/dgroot/etc/delegate_https.cfg 
delegate_https.cfg:
...
PERMIT=https:{127.0.0.1:8080}:*.https.clients	;before is
PERMIT=https:{127.0.0.1:8080}:+=permitted_clients.cfg
PERMIT=https:{203.39.18.5:8080}:*.https.clients	; before is
PERMIT=https:{203.39.18.5:8080}:+=permitted_clients.cfg
And /etc/hosts:
...
192.168.3.30	000-000-0-0X.https.clients
The log file is:
05/19 12:30:22.86 [2020] 0+0: ext[13]
PERMIT=https:{127.0.0.1:8080}:*.https.clients
05/19 12:30:22.86 [2020] 0+0: ext[14]
PERMIT=https:{203.39.18.5:8080}:*.https.clients
05/19 12:30:22.86 [2020] 0+0: arg[2] SERVER=https
05/19 12:30:22.88 [2020] 0+0: DELEGATE_Modified[1]: 4830e63e
05/19 12:30:22.88 [2020] 0+0: --INITIALIZATION DONE: 8.11.5 on
Linux/2.6.9-22.EL--
05/19 12:30:27.32 [2022] 1+0: -- Fork(OnetimeServer): 2020 -> 2022
05/19 12:30:27.32 [2022] 1+0: (0) accepted [41]
-@[192.168.3.31]192.168.3.31:3397 (0.005s)(1)
05/19 12:30:27.32 [2023] 1+0: -- Fork(FCL): 2022 -> 2023
05/19 12:30:27.32 [2023] 1+0: #### execFilter[FCL]
[/home/delegate/dgroot/lib/sslway]sslway
05/19 12:30:27.32 [2023] 1+0: gethostbyname(-) unknown[0.00s] 
05/19 12:30:27.32 [2022] 1+0: PATH:
https://-:443!management.test.firstwave.com.au:443!192.168.3.31:3397!anonymo
us@192.168.3.31;1211
164227
05/19 12:30:27.40 [2022] 1+0: Proxy: host=192.168.3.31; User-Agent:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.
4322; .NET CLR 2.0.50727); DIRECT
05/19 12:30:27.40 [2022] 1+0: HCKA:[0] Keep-Alive; host=192.168.3.31;
(User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1
; .NET CLR 1.1.4322; .NET CLR 2.0.50727))
05/19 12:30:27.40 [2022] 1+0: REQUEST - GET
/mgmt/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.40 [2022] 1+0: *** /mgmt/iCan/iCanView?Node=icguinode.login
=> http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.l
ogin ***
05/19 12:30:27.40 [2022] 1+0: REQUEST +M
http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.40 [2022] 1+0: *** /mgmt/iCan/iCanView?Node=icguinode.login
=> http://203.39.18.5:8080/iCan/iCanView?Node=icguinode.l
ogin ***
05/19 12:30:27.40 [2022] 1+0: PATH>
http://203.39.18.5:8080!management.test.firstwave.com.au:443!192.168.3.31:33
97!anonymous@192.168
.3.31;1211164227
05/19 12:30:27.40 [2022] 1+0: REQUEST = [http://203.39.18.5:8080/] GET
/iCan/iCanView?Node=icguinode.login HTTP/1.1^M
05/19 12:30:27.41 [2022] 1+0: E-P: No permission: 192.168.3.31:3397 =>
http://203.39.18.5:8080 (unmatch PERMIT)
05/19 12:30:27.41 [2022] 1+0: bind_insock(13,203.39.18.32,0) = 0, errno=0

When I tried including RES_VRFY="" together with above line command, the
browser got general error message: "can't dispay the webpage error", the log
is as below,  
05/19 12:33:18.12 [2059] 0+0: ext[13]
PERMIT=https:{127.0.0.1:8080}:*.https.clients
05/19 12:33:18.12 [2059] 0+0: ext[14]
PERMIT=https:{203.39.18.5:8080}:*.https.clients
05/19 12:33:18.12 [2059] 0+0: arg[2] SERVER=https
05/19 12:33:18.12 [2059] 0+0: arg[3] RES_VRFY=
05/19 12:33:18.12 [2059] 0+0: DELEGATE_Modified[1]: 4830e6ee
05/19 12:33:18.12 [2059] 0+0: --INITIALIZATION DONE: 8.11.5 on
Linux/2.6.9-22.EL--
05/19 12:33:55.86 [2062] 1+0: -- Fork(OnetimeServer): 2059 -> 2062
05/19 12:33:55.87 [2062] 1+0: (0) accepted [32]
-@[192.168.3.31]000-000-0-0X.https.clients:3405 (0.005s)(1)
05/19 12:33:55.87 [2063] 1+0: -- Fork(FCL): 2062 -> 2063
05/19 12:33:55.87 [2063] 1+0: #### execFilter[FCL] sslway
05/19 12:33:55.87 [2063] 1+0: gethostbyname(-) unknown[0.00s] 
/bin/sh: sslway: command not found
05/19 12:33:55.88 [2062] 1+0: PATH:
https://-:443!management.test.firstwave.com.au:443!000-000-0-0X.https.client
s:3405!anonymous@192
-168-3-31.https.clients;1211164435
05/19 12:33:55.88 [2062] 1+0: HTTP empty_request ? from
000-000-0-0X.https.clients (1)
05/19 12:33:55.88 [2062] 1+0: disconnected [32]
-@[192.168.3.31]000-000-0-0X.https.clients:3405 (0.016s)(0)
05/19 12:33:55.88 [2062] 1+0: CFI process [2063] done (1/1 AFT-0)

Looking forward to hearing from you.

Great thanks.

Kind Regards
David

-----Original Message-----
From: Yutaka Sato [mailto:pficabdyi-mykgh42xjblw.ml@delegate.org] 
Sent: Tuesday, 13 May 2008 2:06 PM
To: pficabdyi-mykgh42xjblw.ml@delegate.org
Cc: pomhqbdyi-mykgh42xjblw.ml@delegate.org
Subject: Re: [DeleGate-En] delegated reload very slow most of time.


Hi,

In message <_A3974@delegate-en.ML_> on 05/13/08(12:44:10) I wrote:
 |Maybe the easiest solution is resolving your clients not with DNS but
 |with local /etc/hosts file.  If the /etc/hosts file is not desirable
 |to be added, you can use your own hosts file (/tmp/myhosts for example)
 |and specify like RESOLV="file:/tmp/myhosts,nis,dns,sys".

And the lightest way to add new clients without restarting DeleGate is 
naming them with pseudo hostname in pseudo domain as "http.clients"
for example.

  PERMIT="http:server:*.http.clients"

And add the pseudo hostnames of clients into /etc/hosts like this:

  192.168.1.1  192-168-1-1.http.clients
  192.168.1.2  192-168-1-1.http.clients
  ...

In this case, the parameter RES_VRFY="" should be added to verify the
reverse resolution to avoid spoofing by DNS for "http.clients" domain.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <pfqcabdyi-mykgh42xjblw.ml@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

-------------------------------Safe Stamp-----------------------------------
Your Anti-virus Service scanned this email. It is safe from known viruses.
For more information regarding this service, please contact your service
provider.