Re: [squid-users] Cannot Access Site w/ Squid 2.6 Stable 3 Transparent Mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 27 Sep 2008 19:22:53 +1200

Brodsky, Jared S. wrote:
> Hi all,
>
> I am running Squid 2.6 Stable 3 in Transparent mode and none of my users
> can access msnbc.com from behind our cache.

I see from the config you are using tproxy. I'd recommend upgrading to
tproxy v4.1+ and Squid 3.1 as soon as convenient. It's just had
quite a few fixes and is being rolled out successfully in some high-load sites.

It's up to you though. We expect formal 3.1 test releases within weeks.

"tcp_outgoing_address 10.100.1.2" has undefined network behavior. It
goes against the tproxy operation usage. tproxy behavior under those
config conditions may be unexpected.

"acl adzapports myport 81" also has undefined behavior as tproxy
intercepted requests work with whatever dstIP:port the client originally
requested, not the Squid listening port.

> The cache box itself
> has no problem reaching the site via wget, lynx, or telnet. The strange
> part is that if you have a direct url to one of their CSS files it loads
> fine when behind squid. I can also telnet into msnbc.com from machines
> behind the proxy as well. I have added into my conf file the following
> which had no effect:
>
> acl msnbc dstdomain .msnbc.msn.com
> cache deny msnbc
>
> I have tried this with no luck as well:
> http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
>
> Note: msnbc.com redirects to www.msnbc.msn.com.
> We can get to msn.com just fine, as well as cnbc.com. I think there is
> a problem w/ my conf file with the rewrite statements I have in
> conjunction w/ how msnbc redirects their traffic. I have attached my
> conf file below.
>
> Any help would be greatly appreciated.
>
> ----------------------------------------
> http_port 81 transparent tproxy
> http_port 3128
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 525 MB
> cache_swap_low 93
> cache_swap_high 95
> maximum_object_size 300 MB
> maximum_object_size_in_memory 100 MB
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF
> cache_dir aufs /var/spool/squid/ 20480 16 256
> access_log /var/log/squid/access.log
> log_fqdn on
> ftp_user proxy_at_greatertalent.com
> ftp_list_width 64
> hosts_file /etc/hosts
> acl adzapports myport 81
> acl adzapmethods method HEAD GET
> url_rewrite_access deny !adzapmethods
> url_rewrite_access allow adzapports
> refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320 reload-into-ims
> refresh_pattern cgi-bin 0 0% 0
> refresh_pattern \? 0 0% 0
> refresh_pattern . 0 20% 4320
> refresh_pattern (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> quick_abort_min 64 KB
> quick_abort_max 512 KB
> quick_abort_pct 50
> range_offset_limit 1 MB
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 873 # rsync
> acl purge method PURGE
> acl CONNECT method CONNECT
> refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
> quick_abort_min -1 KB
> acl youtube dstdomain .youtube.com
> cache allow youtube
> hierarchy_stoplist cgi-bin ?
> cache allow all
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl gtn_lan src 10.1.1.0/24
> acl gtn_lan2 src 10.100.1.0/24
> http_access allow gtn_lan
> http_access allow gtn_lan2
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> tcp_outgoing_address 10.100.1.2
> log_access deny localhost
> log_access allow all
> cache_mgr cache_mgr_at_greatertalent.com
> mail_from squid_at_squid.greatertalent.com
> cache_effective_group proxy
> httpd_accel_no_pmtu_disc on
> append_domain .greatertalent.com
> memory_pools_limit 64 MB
> via off
> forwarded_for off
> snmp_port 3401
> acl snmp_public snmp_community public
> acl snmp_probes src 10.1.1.0/24
> acl snmp_probes src 10.100.1.0/24
> snmp_access allow snmp_public localhost snmp_probes
> snmp_access deny all
> strip_query_terms off
> coredump_dir /var/spool/squid
> pipeline_prefetch on
>

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Sat Sep 27 2008 - 07:23:07 MDT
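
A check for the two conflicts called out in the reply above, as an added example that is not part of the original message or the Squid project: it scans a squid.conf and, when any http_port carries the tproxy option, reports tcp_outgoing_address, myport ACLs, and the access rules that reference those ACLs. The function name is hypothetical and the sample is a constructed excerpt of the quoted config.

```python
# Constructed sample: an excerpt of the configuration quoted in the message above.
SAMPLE_CONF = """\
http_port 81 transparent tproxy
http_port 3128
acl adzapports myport 81
acl adzapmethods method HEAD GET
url_rewrite_access deny !adzapmethods
url_rewrite_access allow adzapports
acl gtn_lan src 10.1.1.0/24
http_access allow gtn_lan
tcp_outgoing_address 10.100.1.2
"""

def lint_tproxy_conflicts(conf_text):
    """Hypothetical helper: return sorted (line_no, message) findings for the
    directives the reply describes as undefined when tproxy is in use."""
    lines = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments, tokenize
        if tokens:
            lines.append((no, tokens))

    # tproxy is an option on http_port; without it there is nothing to report.
    if not any(t[0] == "http_port" and "tproxy" in t[2:] for _, t in lines):
        return []

    findings, myport_acls = [], set()
    for no, t in lines:
        if t[0] == "tcp_outgoing_address":
            findings.append((no, "tcp_outgoing_address set with tproxy"))
        elif t[0] == "acl" and len(t) >= 3 and t[2] == "myport":
            myport_acls.add(t[1])
            findings.append((no, f"acl {t[1]} uses myport with tproxy"))

    # Second pass: access rules that reference a flagged ACL, plain or negated.
    for no, t in lines:
        if t[0].endswith("_access"):
            for name in t[2:]:
                if name.lstrip("!") in myport_acls:
                    findings.append(
                        (no, f"{t[0]} depends on myport acl {name.lstrip('!')}"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_tproxy_conflicts(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```
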
