[squid-users] Problem on ACL config and performance [SquidNT 2.5 Stable 9]

From: Andreas Woll <woll.andreas@dont-contact.us>
Date: Mon, 5 Sep 2005 20:47:20 +0200

I've got a SQUID running on Windows 2000 Server [SQUIDNT 2.5 Stable 9] with
DSL-Line.
Normally the system is very performant and working fine, but I've
encountered two problems:

1. I've implemented a blocking acl (blocked_url) and it worked fine, but
some special addresses (allowed_url) that should be accessible
are still blocked. Is it possible to build a junction between these two
acls to get access to special addresses and all non-blocked ones?
For example:
sex is blocked and msexchangefaq.de is allowed.

2. I've got performance problems with ftp downloads especially from hp.com
There are normal ftp links but it takes quite a long time for squid to start
serving the request.

Here is the squid.conf.

http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs E:/Squid/cache 20000 16 256
mime_table E:/Squid/etc/mime.conf
pid_filename E:/Squid/log/squid.pid
dns_nameservers IP1 IP2
ftp_user user@SquidNT
diskd_program E:/Squid/libexec/diskd.exe
unlinkd_program E:/Squid/libexec/unlinkd.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ftp: 1440 20% 10080
refresh_pattern gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
visible_hostname SquidNT
icon_directory E:/Squid/share/icons
error_directory E:/Squid/share/errors/english
coredump_dir E:/Squid/cache
cache_access_log E:/Squid/log/access.log
cache_log E:/Squid/log/cache.log
cache_store_log none
emulate_httpd_log off
client_netmask 0.0.0.0 # anonymise client addresses in the logs
log_fqdn off
log_mime_hdrs off
acl QUERY urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl CORP-NET src "Range 1"
acl CORP-NET src "Range 2"
acl CORP-NET src "Range 3"
acl CORP-NET src "Range 4"
acl CORP-NET src "Range 5"
acl CORP-NET src "Range 6"
acl VPN-ACCESS src "Range 7"
acl streaming rep_mime_type ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^audio/x-pn-realaudio ^audio/x-pn-realaudio-plugin ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1
acl block_stream urlpath_regex \.(ra?m|ra|rpm|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|\?)
acl blocked_url url_regex "E:/Squid/etc/squid-block.acl"
acl allowed_url url_regex "E:/Squid/etc/squid-allow.acl"
no_cache deny QUERY
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CORP-NET
http_access allow VPN-ACCESS
http_access deny blocked_url
http_access deny all
http_reply_access deny block_stream
http_reply_access deny streaming
http_reply_access allow CORP-NET
http_reply_access allow VPN-ACCESS
http_reply_access deny blocked_url
http_reply_access deny all
icp_access deny all
snmp_access deny all

I would appreciate your help.
Thank you.

Andreas
Received on Mon Sep 05 2005 - 12:47:33 MDT
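Squid evaluates `http_access` lines top to bottom; a line matches when every ACL named on it matches (a leading `!` negates one ACL), and the first matching line decides, so the "junction" asked about in question 1 is a matter of line order. The following is an added example, not code from the post or from the Squid project: a small Python model of that first-match evaluation, run over the tail of the posted `http_access` section and over a reordering that consults `allowed_url` first, restricted to the internal source ranges, and then `deny blocked_url` before the general allow. The source networks are constructed stand-ins for the redacted "Range N" values, the two ACL files are reduced to the patterns the post names (`sex` blocked, `msexchangefaq.de` allowed), and the request list is constructed; note that the blocked word `sex` is a substring of `msexchangefaq`, which is exactly why a bare blocked list catches that site.

```python
import ipaddress
import re

# Constructed stand-ins for the redacted "Range N" source networks in the post.
CORP_NET = [ipaddress.ip_network("10.0.0.0/8")]
VPN_ACCESS = [ipaddress.ip_network("192.168.100.0/24")]

# url_regex patterns standing in for the two ACL files; the post names
# "sex" as blocked and msexchangefaq.de as allowed.
BLOCKED_URL = [re.compile(r"sex", re.IGNORECASE)]
ALLOWED_URL = [re.compile(r"msexchangefaq\.de", re.IGNORECASE)]


def acl_src(networks):
    """acl NAME src ...: matches when the client address lies in any listed network."""
    return lambda src, url: any(ipaddress.ip_address(src) in net for net in networks)


def acl_url_regex(patterns):
    """acl NAME url_regex ...: matches when any pattern is found in the URL."""
    return lambda src, url: any(p.search(url) for p in patterns)


ACLS = {
    "all": lambda src, url: True,
    "CORP-NET": acl_src(CORP_NET),
    "VPN-ACCESS": acl_src(VPN_ACCESS),
    "blocked_url": acl_url_regex(BLOCKED_URL),
    "allowed_url": acl_url_regex(ALLOWED_URL),
}


def http_access(rules, src, url):
    """Evaluate http_access lines as squid does: top to bottom, a line matches
    when every ACL on it matches ('!' negates one ACL), and the first matching
    line decides.  Returns (action, 1-based line index).  When no line matches,
    squid applies the opposite of the last line's action (index None here)."""
    for idx, (action, names) in enumerate(rules, start=1):
        if all(ACLS[n.lstrip("!")](src, url) != n.startswith("!") for n in names):
            return action, idx
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


# Tail of the http_access section as posted (manager/Safe_ports lines omitted;
# they do not bear on the allow/block question).
POSTED = [
    ("allow", ["CORP-NET"]),
    ("allow", ["VPN-ACCESS"]),
    ("deny", ["blocked_url"]),
    ("deny", ["all"]),
]

# Reordered: the allow-list is consulted first, but only for the internal
# sources, then the blocked list, then the general allow.  In squid.conf:
#   http_access allow CORP-NET allowed_url
#   http_access allow VPN-ACCESS allowed_url
#   http_access deny blocked_url
#   http_access allow CORP-NET
#   http_access allow VPN-ACCESS
#   http_access deny all
PROPOSED = [
    ("allow", ["CORP-NET", "allowed_url"]),
    ("allow", ["VPN-ACCESS", "allowed_url"]),
    ("deny", ["blocked_url"]),
    ("allow", ["CORP-NET"]),
    ("allow", ["VPN-ACCESS"]),
    ("deny", ["all"]),
]

# Constructed requests: an internal client and one from outside both ranges.
REQUESTS = [
    ("10.1.2.3", "http://www.msexchangefaq.de/"),   # "msexchangefaq" contains "sex"
    ("10.1.2.3", "http://sex.example.test/"),
    ("10.1.2.3", "http://www.example.com/"),
    ("203.0.113.5", "http://www.msexchangefaq.de/"),
]


def compare(rules_a, rules_b, requests=REQUESTS):
    """Decision of two rule sets side by side for each (src, url) request."""
    return [
        (src, url, http_access(rules_a, src, url)[0], http_access(rules_b, src, url)[0])
        for src, url in requests
    ]


if __name__ == "__main__":
    for src, url, posted, proposed in compare(POSTED, PROPOSED):
        print(f"{src:<12} {url:<32} posted={posted:<5} proposed={proposed}")
```

Pairing `allowed_url` with the source ACL on the same line matters: a bare `http_access allow allowed_url` would open those sites to any client address, whereas the combined line keeps the allow-list effective only for `CORP-NET` and `VPN-ACCESS`, and the outside client in the sample is still denied. The same ordering rule applies to the `http_reply_access` section, which also lists `allow CORP-NET` ahead of `deny blocked_url`.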

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT