I'm relatively new here, and Squid was set up by the previous admin
(mostly to restrict internet access). Well, now we have a shipping
application that needs to make https/ssl connections. I've been working
at it since this morning, reading the docs, but I still can't figure out
why it's not working. To top it all off, 90 day review is tomorrow! ;)
Anyhoo, if anyone has any suggestions or wants to look over the config
file I'd appreciate feedback, or even direction to relevant
documentation.
Notes on the setup:
Cache server is behind firewall. Firewall prevents all web traffic
except for the squid box. Firewall is not blocking SSL though. (ran
lynx-ssl to a secure site to verify that.)
Thanks.
Andy
--
Andy Zbikowski, Sys Admin      | (WEB) http://www.ltiflex.com
LTI Flexible Products, Inc.    | (PH)  763-428-9119 (EX) 132
21801 Industrial Blvd          | (FX)  763-428-9126
Rogers, MN 55374               | (PCS) 612-306-6055

squid.conf:

# /etc/squid.conf
# Last Modified: 07/13/2000

# Ports
http_port 3128
icp_port 3130
htcp_port 4827

# Size settings
cache_mem 8 MB
maximum_object_size 4096 KB

# Cache: moved cache directories to /home/squid
cache_dir /home/squid/spool 800 16 256
cache_access_log /home/squid/log/access.log
cache_log /home/squid/log/cache.log
cache_store_log /home/squid/log/store.log

# Logging options
debug_options ALL,1 28,9
client_netmask 255.255.255.255

# FTP settings
ftp_user www-user@ltiflex.com
ftp_list_width 32

# Access control list
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535 901
acl purge method PURGE
acl CONNECT method CONNECT

# LTi Flexible's IP's
acl rogers src 192.168.1.0/255.255.255.0
acl metaframe src 192.168.1.2/255.255.255.255
acl priv src 192.168.1.0/255.255.255.128
acl unpriv src 192.168.1.128/255.255.255.128

# Time constraints
acl lunch time MTWHF 11:30-13:00
acl offtime time SMTWHFA 05:30-05:59 16:30-23:59

# Blocked Sites
acl blockreg dstdom_regex "/etc/squid/block/regex.incl"
acl blockdom dstdomain "/etc/squid/block/domain.incl"
#acl blockip dst "/etc/squid/block/ip.incl"

# Unblocked Sites
acl unblockreg dstdom_regex "/etc/squid/unblock/regex.incl"
acl unblockdom dstdomain "/etc/squid/unblock/domain.incl"
#acl unblockip dst "/etc/squid/unblock/ip.incl"

# Approved Business Hour Sites
acl approvedreg dstdom_regex "/etc/squid/approved/regex.incl"
acl approveddom dstdomain "/etc/squid/approved/domain.incl"
#acl approvedip dst "/etc/squid/approved/ip.incl"

# Denying Access right away, don't bother checking the rest
http_access deny metaframe

# Std. Access definitions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow CONNECT !SSL_ports
#http_access deny all !Safe_ports
#http_access deny all !SSL_ports

# Approved before denied...if it's matched, it's not checked further
http_access allow all approvedreg
http_access allow all approveddom

# Now for the blocked access
http_access allow priv unblockreg
http_access allow priv unblockdom
http_access allow unpriv unblockreg lunch
http_access allow unpriv unblockreg offtime
http_access allow unpriv unblockdom lunch
http_access allow unpriv unblockdom offtime
http_access deny blockreg
http_access deny blockdom
http_access allow unpriv lunch
http_access allow unpriv offtime
http_access allow priv

# TAG: icp_access
icp_access allow rogers
icp_access allow all

# Cache Manager
cache_mgr webmaster@ltiflex.com
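
Added example (not part of Andy's message and not Squid's own code): a small Python model of first-match http_access evaluation, run over the method-, port- and source-based rules from the posted config, beside the same list with the CONNECT line as it ships in Squid's default configuration (`http_access deny CONNECT !SSL_ports`). It assumes the destination is in none of the block/unblock/approved lists (their files are not shown) and leaves out the manager, purge and time-based unpriv rules; `request` and `decide` are names made up for this sketch.

```python
import ipaddress

# ACL definitions copied from the posted squid.conf. Only ACLs that depend on
# method, port or source address are modelled (assumption: the destination is
# in none of the block/unblock/approved lists, whose files are not shown).
ACLS = {
    "metaframe":  lambda r: r["src"] == ipaddress.ip_address("192.168.1.2"),
    "priv":       lambda r: r["src"] in ipaddress.ip_network("192.168.1.0/25"),
    "SSL_ports":  lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in (80, 81, 21, 443, 563, 70, 210, 901)
                            or 1025 <= r["port"] <= 65535,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
}

# Subset of the posted http_access lines, in their original order.
POSTED = ["deny metaframe", "deny !Safe_ports",
          "allow CONNECT !SSL_ports", "allow priv"]
# Same list with the CONNECT line as in Squid's default configuration.
STOCK = [line.replace("allow CONNECT", "deny CONNECT") for line in POSTED]

def request(method, port, src):
    """Build a constructed sample request (hypothetical helper)."""
    return {"method": method, "port": port, "src": ipaddress.ip_address(src)}

def decide(rules, req):
    """Return (action, deciding_line) using first-match semantics."""
    for line in rules:
        action, *names = line.split()
        # Every ACL on a line must match (logical AND); '!' negates one ACL.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    last = rules[-1].split()[0]
    return ("deny" if last == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    # Constructed sample requests: (method, destination port, client address).
    samples = [("CONNECT", 443, "192.168.1.10"), ("CONNECT", 8080, "192.168.1.200"),
               ("CONNECT", 443, "192.168.1.2"), ("CONNECT", 25, "192.168.1.10")]
    for s in samples:
        req = request(*s)
        print(s, "posted:", decide(POSTED, req), "stock:", decide(STOCK, req))
```

In this model a CONNECT to port 443 never matches the posted CONNECT line; a priv client is admitted by `allow priv` instead, while the posted line admits CONNECT to any other Safe_ports port from any source address.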