RE: [squid-users] Squd - Dansguardian - Shorewall, Please Help!! from Chris Robertson on 2005-09-30 (squid-users)

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 30 Sep 2005 09:14:52 -0800

> -----Original Message-----
> From: justin.vogt@bold.k12.mn.us [mailto:justin.vogt@bold.k12.mn.us]
> Sent: Friday, September 30, 2005 6:32 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Squd - Dansguardian - Shorewall, Please Help!!
>
>

Problem described in good detail (intercepting proxy not working properly). Cut for brevity.

>
> Here is my squid.conf file
>
> acl all src 0.0.0.0/0.0.0.0
> acl passport dstdomain .passport.com
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Olivia src 10.x.x.x/255.255.255.0
> acl Bird src 10.x.x.x/255.255.255.0
> http_access allow Olivia
> http_access allow passport
> http_access allow Bird
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_single_host on

This line looks suspicious... If you are trying to cache multiple servers (the internet), you probably don't want httpd_accel_single_host on (see http://wiki.squid-cache.org/config/httpd_accel_single_host for what it does). I don't know if this is the only problem (I haven't run with an intercepting proxy), but it's definitely _a_ problem.

> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> http_access deny !Safe_ports
> acl CONNECT method CONNECT
> no_cache deny !SSL_ports
>
> I will be forever greatful to anyone that can help me out with this.
> TIA,
>
> Justin Vogt
> BOLD Schools
> Technology Coordinator
> Justin.Vogt@bold.k12.mn.us
> (320)523-1031 ext.117
>
>
>

Chris
Received on Fri Sep 30 2005 - 11:14:54 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT