Re: [squid-users] Time-based oddity that I can't quite nail down...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 14 Nov 2009 17:21:38 +1300

Kurt Buff wrote:
> On Thu, Nov 12, 2009 at 16:49, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> The squidclient tool fits into the niche gap between telnet and lynx,
>> allowing a simple input of the request URL and optional other details and
>> producing a dump of the results. It has no large dependencies.
>>
>> To test through the proxy:
>> squidclient http://example.com/
>>
>> To test without proxy:
>> squidclient -h example.com -p 80 /
>
> I am unable to perform the test as described. I seem to have a
> configuration issue in Squid, as I get the error output listed below
> when trying to issue, for example, 'squidclient http://www.example.com'
> - but 'squidclient -h example.com -p 80 /' works just fine. I'm not
> sure what to change in squid.conf to fix this. The IP address of the
> is in the 192.168.8.0/24 subnet, if that matters.

Ah, yes. You don't allow localhost access to the proxy.

In which case for you it is:
   squidclient -h $PROXYIP http://example.com/

>
> Kurt
>
<snip>
>
> ----------Begin Squid.conf-----------
> http_port 3128
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> cache_mem 1536 MB
> cache_dir aufs /squid 54476 512 1024
>
> logformat combined %>a %>A %<A [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss
>
> access_log syslog combined
> access_log /usr/local/squid/logs/access.log combined
> logfile_rotate 90
>
> acl QUERY urlpath_regex cgi-bin \?
> # acl all src 0.0.0.0/0.0.0.0
> acl our_networks src 10.0.0.0/8 192.168.8.0/24 192.168.10.0/24 192.168.11.0/24 192.168.12.0/24 192.168.13.0/24 192.168.15.0/24 192.168.24.0/24
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

localnet is the 3.x name for our_networks. You can use your
"our_networks" list and drop the other out of the config entirely.

> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> # Header_access lines below added to alleviate issue with downloading PDFs
> # 2009-05-12
> request_header_access Unless-Modified-Since deny all
> request_header_access Translate deny all
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow our_networks
> http_access deny all

The above "http_access deny all" entry prevents all following
http_access lines from ever working.

> http_reply_access allow all
> http_access allow localnet
> http_access deny all

Same again here on this one.

>
> # MSN Messenger
>
> acl msn urlpath_regex -i gateway.dll
> acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
> acl msn1 req_mime_type application/x-msn-messenger
>
> http_access allow msnd
> http_access allow msn
> http_access allow msn1
>
> icp_access allow localnet
> icp_access deny all
>
> htcp_access allow localnet
> htcp_access deny all
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0

Please use the pattern:
   -i (/cgi-bin/|\?)

> refresh_pattern . 0 20% 4320
> visible_hostname zsquid2.mycompany.com
> icp_port 3130
> coredump_dir /usr/local/squid/cache
> ----------End Squid.conf----------

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
Received on Sat Nov 14 2009 - 04:22:13 MST
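
The first-match behaviour of http_access discussed in this message, as an added example that is not part of the original thread or of Squid itself. It models only `src` ACLs and `all`; the function names and the `facts` mapping (truth values assumed for the other ACL types on a given request) are hypothetical.

```python
import ipaddress

# Constructed sample: src ACLs and http_access lines from the posted config (abridged).
SAMPLE_CONF = """\
acl our_networks src 10.0.0.0/8 192.168.8.0/24
acl localhost src 127.0.0.1/32
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access deny all
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return (src_acls, rules); a repeated ACL name ORs its values together."""
    src_acls, rules = {}, []
    for no, line in enumerate(conf.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if tok[:1] == ["acl"] and len(tok) > 3 and tok[2] == "src":
            src_acls.setdefault(tok[1], []).extend(ipaddress.ip_network(t) for t in tok[3:])
        elif tok[:1] == ["http_access"] and len(tok) > 2:
            rules.append((no, tok[1], tok[2:]))
    return src_acls, rules

def decide(conf, src_ip, facts):
    """First matching http_access line wins; the terms on one line are ANDed."""
    src_acls, rules = parse(conf)
    ip = ipaddress.ip_address(src_ip)
    def holds(term):
        name = term.lstrip("!")
        if name in src_acls:
            val = any(ip in net for net in src_acls[name])
        else:  # "all" always matches; other ACL types are looked up in facts (assumed)
            val = name == "all" or facts.get(name, False)
        return val != term.startswith("!")
    for no, action, terms in rules:
        if all(holds(t) for t in terms):
            return action, no
    return None, None

def unreachable(conf):
    """Line numbers of http_access rules placed after an unconditional 'all' rule."""
    rules = parse(conf)[1]
    stop = next((i for i, r in enumerate(rules) if r[2] == ["all"]), len(rules))
    return [no for no, _, _ in rules[stop + 1:]]
```

For a plain request to a safe port, `decide(SAMPLE_CONF, "127.0.0.1", {"Safe_ports": True})` stops at the first `deny all`, and `unreachable(SAMPLE_CONF)` lists the lines after it that can never be consulted.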
