Re: [squid-users] Trying to setup a Proxy server - on local machine

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 17 Aug 2008 05:14:49 +1200

O.R.Senthil Kumaran wrote:
> Hello,
> I have a machine which connects directly to internet using ADSL Modem.
> Operating System is Fedora Core 2.
> I want to setup a squid proxy server to test certain scenarios for a
> bug-fix I am working on.
> Squid version in my system is Version 2.5.STABLE6
>
> Following is my squid configuration:
> ----
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_dir ufs /var/spool/squid 100 16 256
> cache_access_log /var/log/squid/access.log
> client_netmask 255.255.255.0
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl intranet src 192.168.1.0/24
> cache_dir null /tmp
> http_access allow intranet
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_reply_access allow all
> icp_access allow all
> visible_hostname goofy.goofy.com
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> coredump_dir /var/spool/squid
> ---
>
> With this configuration, I am able to Proxy + Cache the requests when
> the browser is set to goofy.goofy.com:3128 (my local machine, that is, the
> same machine).
>
> But my problem is, I am able to directly connect to Internet also.
> BOTH are working!
> I want the connection to Internet to happen only through Proxy. I don't
> want Direct Internet connection to work. How do I do that?
>
> I also tried the suggestions with iptables mentioned here:
> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
> But that did not help.
>
> Any suggestions?

Upgrade to at least 2.6.
Your version has been obsolete for several years and reverse-proxy
config is much more controllable starting in 2.6.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
Received on Sat Aug 16 2008 - 17:14:44 MDT
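
An added example, not part of the original thread: a small check over a squid.conf that flags the 2.5-only httpd_accel_* directives (removed in 2.6, where the mode is set with options on http_port) and reports the implicit default of the http_access list, which Squid takes as the opposite of the last rule when no rule matches. The names lint, directives, REMOVED_IN_2_6 and SAMPLE are hypothetical, and SAMPLE is constructed from lines of the posted configuration.

```python
"""Added example: lint a squid.conf for obsolete 2.5 directives and an implicit http_access default."""

# Directives present in Squid 2.5 that 2.6 removed in favour of http_port options.
REMOVED_IN_2_6 = {
    "httpd_accel_host", "httpd_accel_port",
    "httpd_accel_with_proxy", "httpd_accel_uses_host_header",
}

# Constructed sample: access-control and accelerator lines taken from the posted config.
SAMPLE = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl intranet src 192.168.1.0/24
http_access allow intranet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
"""

def directives(conf):
    """Yield (name, args) per line; '#' starts a comment (simplification)."""
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens[0], tokens[1:]

def lint(conf):
    """Return a list of (kind, detail) findings for the given config text."""
    findings, http_access = [], []
    for name, args in directives(conf):
        if name in REMOVED_IN_2_6:
            findings.append(("obsolete", name))
        elif name == "http_access":
            http_access.append(args)
    # With no explicit final 'deny all', unmatched requests get the
    # opposite action of the last http_access line.
    if http_access and http_access[-1] != ["deny", "all"]:
        implicit = "allow" if http_access[-1][0] == "deny" else "deny"
        findings.append(("implicit-default", implicit))
    return findings

if __name__ == "__main__":
    for kind, detail in lint(SAMPLE):
        print(kind, detail)
```

For the posted rules the last http_access line is a deny, so a request from outside 192.168.1.0/24 to a Safe_ports port falls through to an implicit allow; ending the list with "http_access deny all" removes that finding.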
