Re: [squid-users] problem with java aplets squid stable 2.6

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 21 Oct 2009 23:49:49 +1300

Hubert Choma wrote:
> Hello
>
> I have squid 2.6 stable on Centos 5.3 from rpm.
>
> I have installed the apache server and proxy on one machine. I have a
> problem with java applets which are opened via a proxy very very
> slow. Without a proxy clients are connecting to this site very fast.

Many versions of Java have issues connecting through proxies. You need
to be using the latest cutting edge java version on every client to have
any confidence that it _might_ use the proxy correctly.

> Apache serves http://geodezja.wolomin.pl site and problem occurs with
> caching
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/Wolomin.php.
>
> I see the java logo and a few minutes, and nothing happens...:(
>
> Please try to cache
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/Wolomin.php applets
> to run fast on your squid. Is it possible?

Enter one of the URLs at http://www.redbot.org and find out.

>
> Please check if my squid.conf is error-free.
> Another question is: how to configure Windows Update to pass through
> the cache?

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

>
> Please Help!!!
>
> My
>
> squid.conf
>
> http_port 192.168.0.12:8080
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

Above two lines prevent dynamic pages (URL containing a ?) from being
stored and sped up by the proxy.

> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 650 MB
> maximum_object_size 4194240 KB

  maximum_object_size 4 MB

> cache_dir ufs /var/spool/squid 6500 16 256

cache_dir aufs /var/spool/squid 6500 16 256

> #logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A &mt
> access_log /var/log/squid/access.log squid
> mime_table /etc/squid/mime.conf
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern . 0 20% 4320

Above refresh_pattern matches every URL in existence.

NP: The default patterns provided with Squid are designed to be last and
catch-all for websites with missing cache-control settings.

None of the refresh_patterns below will ever be used...

> refresh_pattern -i \.(gif|jpg|jpeg|png|js|css|flv|bmp|) 0 50% 7200
> reload-into-ims

The regex pattern above collapses to pattern: \.
which matches every URL with a dot in it.

> refresh_pattern update.microsoft.com/windowsupdate/v6/.*\.(cab|exe|dll)
> 43200 100% 43200 reload-into-ims
> refresh_pattern windowsupdate.com/.*\.(cab|exe|dll) 43200 100% 43200
> reload-into-ims
> refresh_pattern windowsupdate.microsoft.com/.*\.(cab|exe|dll) 43200 100%
> 43200 reload-into-ims
> refresh_pattern download.microsoft.com/.*\.(cab|exe|dll) 43200 100%
> 43200 reload-into-ims
> refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll) 43200
> 100% 43200 reload-into-ims
> refresh_pattern symantecliveupdate.com/.*\.(zip|exe) 43200 100% 43200
> reload-into-ims
> refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 43200
> reload-into-ims
> refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 43200
> reload-into-ims

Slightly better if you must use these:

   refresh_pattern ((au\.download\.)?windowsupdate\.com|(download|update).microsoft.com)/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims

   refresh_pattern symantecliveupdate.com/.*\.(zip|exe) 43200 100% 43200 reload-into-ims

> refresh_pattern avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims
> refresh_pattern . 0 20% 4320
> range_offset_limit -0 KB

range_offset_limit -1

>
> ## MOJE ACL #####
> acl mojasiec src 192.168.0.0/255.255.255.0

acl mojasiec src 192.168.0.0/24

> acl dozwolone dstdomain -i "/etc/squid/dozwolone.txt"

"-i" is not a valid domain name.

> acl ograniczone_komputery src 192.168.0.3 192.168.0.6 192.168.0.17
> 192.168.0.12 192.168.0.15 192.168.0.16
> acl poczta dstdom_regex .*poczta.* .*mail.*

Using .* to start or stop a regex pattern is a huge waste of CPU time.

> #acl sm9 src 192.168.0.3
> #http_access allow sm9
> acl WindowsUpdate dstdomain -i "/etc/squid/windowsupdate.txt"

"-i" is not a valid domain name.

> acl CONNECT method CONNECT
> http_access allow dozwolone ograniczone_komputery !poczta

dozwolone is a specific set of master sites.
Best to make poczta another set of explicit sub-sites within that set
which are omitted from the allow permission.

For example:
   acl poczta dstdomain mail.sun.com

> http_access allow CONNECT WindowsUpdate mojasiec
> http_access allow WindowsUpdate mojasiec
> acl javascript rep_mime_type -i ^application/x-javascript$

With HTTP/1.1 servers are starting to add strings ";q=N" as part of the
mime types. Removing the $ from that pattern will catch them as well.

NP: the q-bits don't get logged since they are HTTP protocol syntax not
mime type.

> http_access allow javascript

   rep_mime_type ACL can only have meaning on a http_reply_access line.
This will never match.

> acl all src 0.0.0.0/0.0.0.0

acl all src all

> acl hubert proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255

  acl localhost src 127.0.0.1

> acl to_localhost dst 127.0.0.0/8

acl to_localhost dst 127.0.0.0/8 0.0.0.0/8

> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 8080
> acl CONNECT method CONNECT
> http_access allow hubert localhost
> http_access deny hubert
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
>
> cache_mgr
> visible_hostname proliant
> log_icp_queries off
> cachemgr_passwd mojehasło all

You urgently need to change that password now...

> error_directory /usr/share/squid/errors/Polish
> coredump_dir /var/spool/squid
> #negative_ttl 1
>
>
> dozwolone.txt (allowed sites)
>
> .powiat-wolominski.pl
> .geodezja.wolomin.pl
> .epodgik.pl
> .igeomap.pl
> .geo-system.com.pl
> .gugik.gov.pl
> .geoportal.gov.pl
> .stat.4u.pl
> .adstat.4u.pl
> .home.pl
> .google-analytics.com
> .maps.google.pl
> maps.gstatic.com
> mt0.google.com
> mt1.google.com
> mt2.google.com
> mt3.google.com
>
> .java.com
> .macromedia.com
> .adobe.com
> .tvn24.pl
> .onetwl.pl
> .allegro.pl
> .allegroimg.pl
> .allegrostatic.pl
> .otomoto.pl
> .nasza-klasa.pl
> .update.microsoft.com/microsoftupdate/v6/

  " /microsoftupdate/v6/ " is not a domain name.

> .butikstyle.pl
> .butik.net.pl
> .onet.pl
> .wp.pl
> .zumi.pl
> .rosanegra.pl
> .rosanegra.iai-shop.com.
> .bonprix.pl
> .neckermann.com.pl
>
>
>
> windowsupdate.txt
>
> .go.microsoft.com
> .windowsupdate.microsoft.com
> .update.microsoft.com
> .update.microsoft.com/windowsupdate/v7/default.aspx

" /windowsupdate/v7/default.aspx " is not a domain name.

> download.windowsupdate.com
> .download.microsoft.com
> ntservicepack.microsoft.com
> activex.microsoft.com
> redir.metaservices.microsoft.com
> images.metaservices.microsoft.com
> c.microsoft.com
> crl.microsoft.com
> codecs.microsoft.com
> urs.microsoft.com
>
>
>
> access.log
>
> 14 192.168.0.3 TCP_MISS/200 2757 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/Zielonka.php -
> DIRECT/83.18.17.30 text/html
> 1256109528.609 10 192.168.0.3 TCP_IMS_HIT/304 341 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/resize.js - NONE/-
> application/x-javascript
> 1256109528.797 133 192.168.0.3 TCP_MISS/200 494 GET
> http://www.google-analytics.com/__utm.gif? - DIRECT/74.125.43.100
> image/gif
> 1256109529.075 10 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 262 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/webmap.jar -
> DIRECT/83.18.17.30 -
> 1256109529.506 87 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 262 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/pg74.215.jdbc3.jar -
> DIRECT/83.18.17.30 -
> 1256109529.514 8 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 261 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/postgis.jar -
> DIRECT/83.18.17.30 -
> 1256109529.522 6 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 262 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/JimiProClassesS.jar -
> DIRECT/83.18.17.30 -
> 1256109529.531 9 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 262 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/firebirdsql-full.jar -
> DIRECT/83.18.17.30 -
> 1256109529.540 8 192.168.0.3 TCP_NEGATIVE_HIT/404 527 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/MessagesBundle.class -
> NONE/- text/html
> 1256109529.545 0 192.168.0.3 TCP_NEGATIVE_HIT/404 532 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/MessagesBundle.properties
> - NONE/- text/html
> 1256109529.549 1 192.168.0.3 TCP_NEGATIVE_HIT/404 530 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/MessagesBundle_pl.class -
> NONE/- text/html
> 1256109529.553 1 192.168.0.3 TCP_NEGATIVE_HIT/404 535 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/MessagesBundle_pl.properties
> - NONE/- text/html
> 1256109529.558 0 192.168.0.3 TCP_NEGATIVE_HIT/404 533 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/MessagesBundle_pl_PL.class
> - NONE/- text/html
> 1256109529.605 32 192.168.0.3 TCP_CLIENT_REFRESH_MISS/200 901 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/Zielonka.cfg -
> DIRECT/83.18.17.30 text/plain
> 1256109529.614 8 192.168.0.3 TCP_CLIENT_REFRESH_MISS/200 8238 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/iGeoMap.cfg -
> DIRECT/83.18.17.30 text/plain
> 1256109529.627 12 192.168.0.3 TCP_MISS/404 509 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/iGeoMap.cfg -
> DIRECT/83.18.17.30 text/html
> 1256109529.633 1 192.168.0.3 TCP_MISS/404 517 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/iGeoMap.cfg.gz -
> DIRECT/83.18.17.30 text/html
> 1256109529.638 1 192.168.0.3 TCP_MISS/404 509 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/iGeoMap.cfg -
> DIRECT/83.18.17.30 text/html
> 1256109531.142 1319 192.168.0.3 TCP_MISS/200 275 POST
> http://www.igeomap.pl/stat.php - DIRECT/62.129.234.189 text/html
> 1256109531.311 4 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 260 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/Pictures/Markery/celownik0.gif
> - DIRECT/83.18.17.30 -
> 1256109532.795 1473 192.168.0.3 TCP_CLIENT_REFRESH_MISS/304 329 GET
> http://igeomap.home.pl/users/images/wolomin_mini.png -
> DIRECT/62.129.234.189 text/html
> 1256109532.828 33 192.168.0.3 TCP_CLIENT_REFRESH_MISS/200 639 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/iGeoMap.adr -
> DIRECT/83.18.17.30 text/plain
> 1256109532.835 3 192.168.0.3 TCP_CLIENT_REFRESH_MISS/200 639 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/iGeoMap.adr2 -
> DIRECT/83.18.17.30 text/plain
> 1256109532.839 4 192.168.0.3 TCP_CLIENT_REFRESH_MISS/200 639 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/iGeoMap.usr -
> DIRECT/83.18.17.30 text/plain
> 1256109532.862 22 192.168.0.3 TCP_MISS/404 521 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/asortyment.php.gz -
> DIRECT/83.18.17.30 text/html
> 1256109532.873 3641 192.168.0.3 TCP_MISS/200 6764 CONNECT
> urs.microsoft.com:443 - DIRECT/213.199.167.252 -
> 1256109532.885 3653 192.168.0.3 TCP_MISS/200 6763 CONNECT
> urs.microsoft.com:443 - DIRECT/213.199.167.252 -
> 1256109532.979 113 192.168.0.3 TCP_MISS/200 920 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/asortyment.php -
> DIRECT/83.18.17.30 text/html
> 1256109533.173 2 192.168.0.3 TCP_MISS/200 1113 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5921.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.178 4 192.168.0.3 TCP_MISS/200 841 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5171.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.182 4 192.168.0.3 TCP_MISS/200 841 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5172.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.186 4 192.168.0.3 TCP_MISS/200 908 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5216.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.192 2 192.168.0.3 TCP_MISS/200 728 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5151.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.197 4 192.168.0.3 TCP_MISS/200 694 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5152.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.201 4 192.168.0.3 TCP_MISS/200 694 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5153.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.205 3 192.168.0.3 TCP_MISS/200 962 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Data/Wolomin/InfoDef/5219.html -
> DIRECT/83.18.17.30 text/html
> 1256109533.507 273 192.168.0.3 TCP_MISS/200 5114 POST
> http://www.epodgik.pl/odgik/sprawdz.php - DIRECT/62.129.234.189 text/html
> 1256109533.601 85 192.168.0.3 TCP_MISS/200 460 POST
> http://www.epodgik.pl/odgik/dostep.php - DIRECT/62.129.234.189 text/html
> 1256109533.679 9 192.168.0.3 TCP_MISS/200 3524 GET
> http://www.geodezja.wolomin.pl/iGeoMap/Program/standard.fon.gz -
> DIRECT/83.18.17.30 application/x-gzi

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
   Current Beta Squid 3.1.0.14
Received on Wed Oct 21 2009 - 10:49:55 MDT
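
Added example, not part of the message above and not Squid project code: a small Python check that flags the configuration mistakes pointed out in the reply (refresh_pattern rules placed after a catch-all, an empty regex alternative, leading or trailing `.*` in a regex ACL, a rep_mime_type ACL used in http_access, and dstdomain values that are not domain names). The function names and finding codes are hypothetical, and the sample input is a condensed copy of lines quoted in the message.

```python
import re

# Constructed sample: a condensed copy of directives quoted in the message above.
SAMPLE_CONF = r"""refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(gif|jpg|jpeg|png|js|css|flv|bmp|) 0 50% 7200 reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims
acl poczta dstdom_regex .*poczta.* .*mail.*
acl javascript rep_mime_type -i ^application/x-javascript$
http_access allow javascript
"""
# Constructed sample: values given to a dstdomain ACL, inline or from its file.
SAMPLE_DOMAINS = [".update.microsoft.com", ".update.microsoft.com/microsoftupdate/v6/", "-i"]

EMPTY_ALT = re.compile(r"\(\||\|\||\|\)")  # "(|", "||" or "|)": an empty alternative

def lint_conf(text):
    """Return (line_number, code) findings for the mistakes named in the reply."""
    findings, catch_all, reply_acls = [], None, set()
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "refresh_pattern":
            pattern = next(t for t in tok[1:] if t != "-i")
            if catch_all is not None:
                findings.append((n, "shadowed-by-line-%d" % catch_all))
            elif pattern in (".", ".*"):
                catch_all = n  # rules are tried top-down, first match wins
            if EMPTY_ALT.search(pattern):
                findings.append((n, "empty-alternative"))
        elif tok[0] == "acl" and len(tok) > 3:
            name, kind, values = tok[1], tok[2], [t for t in tok[3:] if t != "-i"]
            if kind == "rep_mime_type":
                reply_acls.add(name)  # only meaningful in http_reply_access
            if kind.endswith("_regex") and any(
                    v.startswith(".*") or v.endswith(".*") for v in values):
                findings.append((n, "redundant-dot-star"))
        elif tok[0] == "http_access":
            if any(t.lstrip("!") in reply_acls for t in tok[2:]):
                findings.append((n, "reply-acl-in-http_access"))
    return findings

def bad_dstdomain_entries(entries):
    """dstdomain takes host or domain names only: no options, no URL paths."""
    return [e for e in entries if e.startswith("-") or "/" in e]

if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF):
        print(finding)
    print(bad_dstdomain_entries(SAMPLE_DOMAINS))
```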
