Matthew Morgan wrote:
> Matthew Morgan wrote:
>> On Fri, Nov 6, 2009 at 10:03 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>
>>> Matthew Morgan wrote:
>>>
>>>> Matthew Morgan wrote:
>>>>
>>>>> Are there any known issues with squid 3.x and apt-get update on
>>>>> Ubuntu?
>>>>> On 2.7 everything worked fine, but on 3.0-stable19 and
>>>>> 3.0-stable20, I get
>>>>> random 404 responses when doing apt-get update. I tried starting
>>>>> with a
>>>>> fresh cache, but no dice. Here's my squid.conf:
>>>>>
>>>> Quick note: the errors are not always 404's. Sometimes they are like:
>>>>
>>>> Err http://us.archive.ubuntu.com jaunty Release.gpg
>>>> The HTTP server sent an invalid reply header [IP: 91.189.88.45 80]
>>>>
>>> You may be encountering the remains of bug #7. Or some upstream
>>> provider
>>> with bug #2624 (fixed in 3.0.stable20).
>>>
>>> If you can track down what that invalid reply header is and whether its
>>> coming into Squid from the web server would be a great help.
>>>
>>
>> I'll fix the other problems with my config that you saw, and if this
>> doesn't go away I'll do some tracking and let you know. Thanks!
>>
>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
>>> Current Beta Squid 3.1.0.14
>>>
>>>
>>
>>
> It looks like for some reason the .bz2 extensions is getting dropped
> off some of the urls. With squid-2.7 (which works), there are many
> requests like the following:
>
> http://us.archive.ubuntu.com/ubuntu/dists/jaunty-security/main/binary-i386/Packages.bz2
>
>
> With 3.x, a few of them look like this:
>
> http://us.archive.ubuntu.com/ubuntu/dists/jaunty-security/main/binary-i386/Packages
>
>
> They're identical, but somewhere the file extension is getting ripped
> off...but only on some of them. Do you know of a way to find out
> where this is happening? I don't exactly grok squid yet, so I don't
> think I'm equipped to divine the answer from the source code.
>
Apparently I only get the dropped .bz2 extensions when using squid
transparently, which is how our network is set up. If I manually
specify http_proxy on my workstation to point to squid directly, I don't
have any problems with apt-get update. Has anyone ever heard of this?
Here's my updated squid config (this is 3.0-STABLE20, btw).
visible_hostname proxy
http_port 192.168.2.1:3128 transparent
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl snmppublic snmp_community public
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src 192.168.2.0/24
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localnet
http_access allow manager localhost
http_access deny manager
http_access allow purge localnet
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
hierarchy_stoplist cgi-bin ?
cache_dir diskd /usr/local/squid/var/cache 15000 16 256
maximum_object_size 819200 KB
access_log /usr/local/squid/var/logs/access.log squid
pid_filename /var/run/squid.pid
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100%
43200 reload-into-ims override-expire
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080
100% 43200 reload-into-ims override-expire
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100%
43200 reload-into-ims override-expire
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf)
4320 100% 43200 reload-into-ims override-expire
refresh_pattern updates.superantispyware.com/sas_processlist.* 1440
100% 1441 ignore-reload override-lastmod override-expire
refresh_pattern http://mbam-cdn.malwarebytes.org/.* 1440 100% 1441
ignore-reload override-lastmod override-expire
refresh_pattern http://download682.avast.com/.* 1440 100% 1441
ignore-reload override-lastmod override-expire
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user proxy
cache_effective_group proxy
snmp_port 3401
snmp_access allow snmppublic localnet
snmp_access allow localnet
snmp_access allow localhost
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
hosts_file /etc/hosts
coredump_dir /usr/local/squid/var/cache
Received on Fri Nov 13 2009 - 20:59:13 MST
This archive was generated by hypermail 2.2.0 : Sat Nov 14 2009 - 12:00:02 MST