Re: [squid-users] my squid hang up

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 01 Mar 2008 22:05:56 +1300

mkdracoor wrote:
> Hello, my problem is that I can't search anything in Google. The page opens
> fine, but when I search for anything the proxy gives an error of "time
> out". Here is my conf file. I don't know if I'm missing something. Please
> help me.
> Thanks

The error page from squid (it is from squid right?) should have at least
a message from squid saying what it was doing or which timeout.

>
>
> # Configuracion Squid by mkdracoor
> # ----------------------------
> #
> # This is the default Squid configuration file. You may wish
> # to look at the Squid home page (http://www.squid-cache.org/)
> # for the FAQ and other documentation.
> #
> # The default Squid config file shows what the defaults for
> # various options happen to be. If you don't need to change the
> # default, you shouldn't uncomment the line. Doing so may cause
> # run-time problems. In some cases "none" refers to no default
> # setting at all, while in other cases it refers to a valid
> # option - the comments for that keyword indicate if this is the
> # case.
> #
>
>
> # NETWORK OPTIONS
> # -----------------------------------------------------------------------------
>
>
> http_port 3128
>
> # cache_peer
> cache_peer 192.168.22.75 parent 3128 0 default no-query login=PASS
> cache_peer_domain 192.168.22.75

WTF? So there are no domains this peer serves for?
Might as well remove it entirely then and save squid much processing time.

Maybe that's the timeout?

> #________________________________________________________________________________________
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> cache_mem 100 MB
> cache_swap_low 90
> cache_swap_high 95
> cache_dir ufs /var/cache/squid 500 16 256
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> #----------------------------------------------------------------------------
>
> log_fqdn off
> log_mime_hdrs off
> emulate_httpd_log off
> half_closed_clients off
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> log_ip_on_direct off
> client_netmask 255.255.255.0
> #__________________________________________________________________________________________
>
> ftp_user proxy@jcmaso3
> ftp_list_width 32
> ftp_passive on
> ftp_sanitycheck off
> hosts_file /etc/hosts
>
>
> # Autentificación.
> # --
> authenticate_ttl 30 minutes
> authenticate_ip_ttl 0 seconds
> auth_param basic children 5
> auth_param basic realm Internet Proxy-Caching (JCCE MASO III)
> auth_param basic credentialsttl 5 minutes
> auth_param basic casesensitive on
> authenticate_cache_garbage_interval 1 hour
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
>
> # Timeouts.
> # --
> forward_timeout 4 minutes
> connect_timeout 1 minute
> peer_connect_timeout 30 seconds
> read_timeout 5 minutes
> request_timeout 1 minute
> persistent_request_timeout 1 minute
> client_lifetime 1 day
> half_closed_clients on
> pconn_timeout 120 seconds
> ident_timeout 10 seconds
> shutdown_lifetime 30 seconds
>
> # ACLs.
> # --
> acl PURGE method PURGE
> acl CONNECT method CONNECT
> acl manager proto cache_object
> acl passwd proxy_auth REQUIRED
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> #acl intranet src 192.168.3.34/45

It's the /45 breaking that. There is no IPv4 CIDR /45.
Maybe you intended to write: 192.168.3.34-192.168.3.45

> acl jc_ips src "/etc/squid/jc_ips"
>

Following ACL never used:

> acl SSL_ports port 443 563
> acl Safe_ports port 80 443 # HTTP, HTTPS
> acl Safe_ports port 21 # FTP
> acl Safe_ports port 563 # HTTPS, SNEWS
> acl Safe_proxy port 3128 # PROXY
> acl Safe_admin port 70 # GOPHER
> acl Safe_admin port 210 # WAIS
> acl Safe_admin port 280 # HTTP-MGMT
> acl Safe_admin port 488 # GSS-HTTP
> acl Safe_admin port 591 # FILEMAKER
> acl Safe_admin port 777 # MULTILING HTTP
> acl Safe_admin port 1025-65535 # Unregistered Ports
> # ACLs Personalizadas.
> acl porno0 dstdomain "/etc/squid/filtros/porno0"
> acl peligroso0 dstdomain "/etc/squid/filtros/peligroso0"
> acl peligroso1 url_regex "/etc/squid/filtros/peligroso1"
> acl noporno0 dstdomain "/etc/squid/filtros/noporno0"
> acl noporno1 url_regex "/etc/squid/filtros/noporno1"
> acl descargas0 urlpath_regex "/etc/squid/filtros/descargas0"
> acl descargas1 url_regex "/etc/squid/filtros/descargas1"
> acl sitesall dstdomain "/etc/squid/filtros/sitesall"
>
> # Reglas Default.
> http_access allow manager localhost
> http_access deny manager
> http_access allow PURGE localhost
> http_access deny PURGE
> http_access allow jc_ips passwd
> http_access deny all
>

EVERYTHING deny!

Following NEVER match:

> #Permitir y Denegar Filtros
> http_access deny all porno0
> http_access deny all peligroso0
> http_access deny all peligroso1
> http_access allow all noporno0 noporno1
> http_access allow all descargas0 descargas1

> # Parametros Administrativos.
> # --
> mail_program mail
> cache_mgr proxy@jcmaso3
> cache_effective_user proxy
> visible_hostname proxy.jcmaso3
>
> # Misceláneas
> # --
> ie_refresh off
> retry_on_error on
> redirector_bypass off
> cachemgr_passwd disable all
> dead_peer_timeout 10 seconds
> hierarchy_stoplist cgi-bin ?
> mime_table /etc/squid/mime.conf
> coredump_dir /var/cache/squid
> icon_directory /etc/squid/icons
> error_directory /etc/squid/errors/Custom
>

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Sat Mar 01 2008 - 02:05:30 MST
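
The four problems pointed out in the reply above (a `cache_peer_domain` with no domains, a /45 IPv4 prefix, ACLs that are never referenced, and `http_access` rules placed after `http_access deny all`) can be checked mechanically. This is an added example, not part of the original message and not Squid project code; the `lint` helper and the trimmed sample config are constructed, and it assumes an ACL named `all` matches every request, as in the posted config.

```python
import re

# Constructed sample: trimmed squid.conf echoing directives from the posted
# config (the /45 line is uncommented here to exercise the check).
SAMPLE = """\
cache_peer 192.168.22.75 parent 3128 0 default no-query login=PASS
cache_peer_domain 192.168.22.75
acl all src 0.0.0.0/0.0.0.0
acl intranet src 192.168.3.34/45
acl jc_ips src "/etc/squid/jc_ips"
acl passwd proxy_auth REQUIRED
acl SSL_ports port 443 563
acl porno0 dstdomain "/etc/squid/filtros/porno0"
http_access allow jc_ips passwd
http_access deny all
http_access deny all porno0
"""

def lint(conf):
    """Hypothetical helper: return sorted (line_no, message) findings."""
    findings, defined, used = [], {}, set()
    catch_all = None  # line of the first http_access rule whose only ACL is 'all'
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            defined.setdefault(tok[1], no)
            if tok[2] == "src":
                for val in tok[3:]:
                    # Only the CIDR form is checked; netmask and file forms are skipped.
                    m = re.fullmatch(r"[\d.]+/(\d+)", val)
                    if m and int(m.group(1)) > 32:
                        findings.append((no, f"acl {tok[1]}: no IPv4 CIDR /{m.group(1)}"))
        elif tok[0] == "cache_peer_domain" and len(tok) == 2:
            findings.append((no, f"cache_peer_domain {tok[1]}: no domains listed"))
        elif len(tok) >= 3 and tok[1] in ("allow", "deny"):
            # Simplification: any '<directive> allow|deny ...' line counts as an ACL reference.
            names = [t.lstrip("!") for t in tok[2:]]
            used.update(names)
            if tok[0] == "http_access":
                if catch_all:
                    findings.append((no, f"http_access unreachable after catch-all on line {catch_all}"))
                elif names == ["all"]:
                    catch_all = no
    for name, no in defined.items():
        if name not in used:
            findings.append((no, f"acl {name}: defined but never referenced"))
    return sorted(findings)
```

Calling `lint(SAMPLE)` returns one finding per problem with its line number; moving the filter rules above the catch-all rule clears the "unreachable" finding.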
