Re: [squid-users] Problems downloading files from command line from José J. Cintrón on 2005-03-16 (squid-users)

From: José J. Cintrón <jcintron@dont-contact.us>
Date: Wed, 16 Mar 2005 17:31:33 -0500

Attached is my squid.conf to see if there is anything wrong with it...
> You also need
>
> never_direct allow all

I tried this and effectively stopped all connectivity to any sites.

>
> as per the Squid FAQ on how to use Squid within a firewall.
>
> This is quite likely the source of your problems as the (unencoded) ?
> characters makes the URL fall into the "non-hierarchical" category where
> Squid will by default go direct unless prohibited.
>
> Regards
> Henrik

-- 
+------------------------------------------
| José J. Cintrón - <jcintron@mitre.org>
+------------------------------------------

#
# Which port are we going to listen on
#
http_port 80

#
# The port number where Squid sends and receives ICP queries to
# and from neighbor caches to disable use 0, default 3120.
#
icp_port 3120

#
# Where are we going to forward requests to...
#
cache_peer SQUID-PARENT parent 80 3120 proxy-only no-query

#
# This are settings from the default squid file. Don't ask me
# what they do, if you need to know RTFM
#
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#
# Define ACLs
#
acl all src 10.10.12.2/255.255.255.255
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT
acl SSL_ports port 443 563

#
# Define ports
#
acl Safe_ports port 80
acl Safe_ports port 20 21
acl Safe_ports port 443

#
# Define which domains we are going to allow
#
acl ALLOWED_domains dstdomain .microsoft.com .symantec.com .sun.com .msn.com .landesk.com .symantec.speedera.net

#
# Only allow cachemgr access from localhost
#
http_access allow manager localhost
http_access deny manager

#
# Deny requests to unknown ports
#
http_access deny !Safe_ports

#
# Deny CONNECT to other than SSL ports
#
http_access deny CONNECT !SSL_ports

#
# Allow connections to ALLOWED domains only
#
http_access allow ALLOWED_domains

#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#
http_access deny to_localhost

#
# And finally deny all other access to this proxy
#
http_access deny all

#
# Allow replies to client requests. This is complementary to http_access.
#
http_reply_access allow all

#
#Allow ICP queries from everyone
#
icp_access allow all

#
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# Email-address of local cache manager who will receive
# mail if the cache dies. The default is "webmaster."
#
cache_mgr jcintron@mitre.org
cache_effective_user nobody
never_direct allow ALLOWED_domains

#
# Leave coredumps in the first cache dir
#
coredump_dir /var/lib/squid/cache

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Wed Mar 16 2005 - 15:31:47 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST