Eliezer Croitoru wrote 2012-11-22 15:19:
> Next time just clean the file first to make it more readable:
> use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed '/^$/d'
>
> ##start
> http_port 127.0.0.1:8080 intercept
> http_port 172.18.0.1:8080 intercept
> hierarchy_stoplist cgi-bin ? php asp
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 32 MB
> maximum_object_size 100 MB
> cache_dir ufs /usr/local/squid/cache 1024 16 256
> cache_store_log none
> access_log /usr/local/squid/logs/access.log squid
> logfile_rotate 2
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> #acl localnet src 172.18.0.1-172.18.0.254
> #try to change this into
> acl localnet src 172.18.0.0/24
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 591 # filemaker
> acl CONNECT method CONNECT
> acl PURGE method PURGE
> http_access allow manager localhost
> http_access deny manager
> http_access allow PURGE localhost
> http_access deny PURGE
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localnet
> http_access deny all
> icp_access allow localnet
> icp_access deny all
> #remove these if you want to remove something
> visible_hostname ZZZZ
> cache_mgr YYY
> buffered_logs on
> coredump_dir /usr/local/squid/cache
> ##end
>
> it seems to me like forward proxy and the only reason I can think of to
> not work is:
> Missing credentials related settings.
> With the current config file squid only allows users with specific SRC
> ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
> Also you didn't post the access.log output for the request but it seems
> like you have one missing ACL.
>
> What are the IPFW rules for interception?
>
> Eliezer
>
I'll remember to clean the file next time.
I've got the access.log. It's quite a large file and there are no
timestamps so that I could clean it and post the relevant information.
What should I do?
Thanks
/Leslie
Received on Thu Nov 22 2012 - 14:40:56 MST
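
The access rules in the configuration quoted above, walked through as an added example that is not part of the original thread and is not Squid's own code. It is a simplified model of first-match http_access evaluation covering only the src, port, method and proto ACL types; the request keys (src, port, method, proto) are assumptions of this sketch, "all" is treated as a built-in ACL, and the CIDR form of localnet suggested in the reply is used.

```python
import ipaddress

# acl / http_access lines from the quoted squid.conf (trailing comments stripped)
CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 172.18.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl Safe_ports port 591
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
"""

def matches(acls, name, req):
    if name == "all":                       # assumed built-in match-everything ACL
        return True
    kind, values = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        spans = [[int(p) for p in v.split("-")] for v in values]
        return any(s[0] <= req["port"] <= s[-1] for s in spans)
    return req[kind] in values              # method, proto

def decide(conf=CONF, **req):
    acls, rules = {}, []
    for f in map(str.split, conf.splitlines()):
        if f[0] == "acl":                   # repeated acl names accumulate values
            acls.setdefault(f[1], (f[2], []))[1].extend(f[3:])
        else:
            rules.append((f[1], f[2:]))
    for action, names in rules:             # first rule whose ACLs all match wins
        if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    return "deny", "no rule matched"        # not reached here: last rule is "deny all"
```

Calling decide() with a client address outside 127.0.0.1/32 and 172.18.0.0/24 returns the final "deny all" rule, which is the source-address restriction described in the quoted reply.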