Re: [squid-users] Fedora

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Sep 2008 23:37:46 +1200

Gustavo Lazarte wrote:
> I upgraded and now when I am trying to use my squid server to send traffic to the site 10.2.0.140 the squid server IP is 10.2.0.150.
>
> I also get the Warning cannot write the log file Permission denied.
>
> Then I try the /usr/local/squid/sbin/squid I get cannot write cache.log
> Permission denied. I use the user nobody for
> cache_effective_user

Ah, well, you need to set read+write permission on the log file
directory squid is trying to use and the logs inside it.

> /usr/local/squid/sbin/squid -z runs correctly
>

Thats good. At least the storage area won't have more of these problems
when squid does start.

Amos

>
> Thanks
>
>
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Saturday, September 13, 2008 11:39 AM
> To: Gustavo Lazarte
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Fedora
>
> Gustavo Lazarte wrote:
>> I got the service working. Now my old configuration from version 2.4 is not working on 3.0 Stable 2.
>
> Please do not use 3.0.stable2 under any circumstances. It does not
> perform authentication in any meaningful manner.
>
> For you should use something 3.0.stable7+
>
> 3.0.stable9 is just out with the most current stability fixes..
>
>> In theory the traffic was coming from a load balancer and hit the Proxy server. The proxy server then will request 10.2.0.140 for the content.
>>
>> When I try to start the service with my old configuration is having problems with the following lines, is the syntax different?
>>
>> acl all src 0.0.0.0/0.0.0.0 ***warning***
>> | acl manager proto cache_object
>> | acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
>> | 127.0.0.0/8 acl ssl_ports ports 443 563 acl safe_port port 80 acl
>> | safe_port ....
>> | acl connect method connect
>> | acl mylan src 127.0.0.1 ***Fatal Error***
>> | acl mysites 10.2.0.140 *** Fatal Error***
>> |
>> | http_access allow manager localhost
>> | http_access deny manager
>> | http_access deny !safe_port
>> | http_access deny to_localhost
>> | http_access allow mysites
>> | http_access deny all
>> |
>> | http_reply_access allow MYLAN ***Fatal Error***
>> | http_reply_access allow all
>>
>> Even with the default config I am not able to telnet to port 80 on the squid server.
>
> Correct. If squid cannot read it's config it wont be able to start
> operating.
>
> Use a newer version, and please indicate what the warning messages are.
> My informed guess is listed below
>
> acl all src ...
> ** fully built-in now. no need to specify.
>
> acl mylan src 127.0.0.1
> ** weird, check that line for extra text or invisible binary
> characters. same for the other src one.
>
> http_reply_access allow MYLAN
> http_reply_access allow all
>
> ** earlier failure of src ACL above may cause this
> ** only the allow all is needed.
>
> Amos
>
>

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Tue Sep 16 2008 - 11:37:49 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 17 2008 - 12:00:03 MDT