Re: [squid-users] Re: [squid-users] reverse proxy headache

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 13 Feb 2008 14:18:23 +1300 (NZDT)

>
> Hi, please help me. I am new to Squid. I have Squid 2.5; my squid.conf is
> below.
> Please help... I am not able to browse our internet.

Please try Squid 2.6 or 3.0.
They are much better for reverse-proxy, and the online config demos are usually for
the new version.

Your config below should work in either of those releases without trouble.

Amos

>
> #Default:
> # http_port 3128
> http_port 8080
>
> #Default:
> # none
> #cache_peer proxy.saudi.net.sa parent 8080 3130 default no-query
> #cache_peer 62.149.115.12 parent 8080 3130 default no-query
> cache_peer proxy.nour.net.sa parent 8080 3130 default no-query
>
> #Default:
> # cache_dir ufs /var/spool/squid 100 16 256
> cache_dir ufs /cache1 8000 16 256
> cache_dir ufs /cache2 8000 16 256
>
> #Default:
> # cache_access_log /var/log/squid/access.log
> cache_access_log /var/log/squid/access.log
>
> #Default:
> # pid_filename /var/run/squid.pid
> pid_filename /var/run/squid.pid
>
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> acl snmpsaudiedi snmp_community rtgg0v1
>
> #Recommended minimum configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> #
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>
> # Example rule allowing access from your local networks. Adapt
> # to list your (internal) IP networks from where browsing should
> # be allowed
> #acl our_networks src 192.168.1.0/24 192.168.2.0/24
> #http_access allow our_networks
> acl user_networks src 192.168.19.0/24
> acl svr_networks src 192.168.17.0/24
> acl dmz_networks src 62.149.115.128/25
>
> http_access allow user_networks
> http_access allow svr_networks
> http_access allow dmz_networks
> icp_access allow user_networks
> icp_access allow svr_networks
> icp_access allow dmz_networks
>
> # And finally deny all other access to this proxy
> http_access allow localhost
> http_access deny all
>
> #Default:
> # http_reply_access allow all
> #
> #Recommended minimum configuration:
> #
> # Insert your own rules here.
> #
> #
> # and finally allow by default
> http_reply_access allow all
>
> # TAG: icp_access
> # Allowing or Denying access to the ICP port based on defined
> # access lists
> #
> # icp_access allow|deny [!]aclname ...
> #
> # See http_access for details
> #
> #Default:
> # icp_access deny all
> #
> #Allow ICP queries from everyone
> icp_access allow all
>
> #Default:
> # none
> visible_hostname proxy1
>
> #Example:
> # snmp_access allow snmppublic localhost
> # snmp_access deny all
> #
> #Default:
> # snmp_access deny all
> snmp_access allow snmpsaudiedi user_networks
> snmp_access deny all

Amos
Received on Tue Feb 12 2008 - 18:18:26 MST
