On Wed, 10 Mar 2010 14:50:50 +0000, "GIGO ." <gigoz_at_msn.com> wrote:
> Dear Amos,
>
> Thank you very much for your detail analysis.I have tried to understood
> and implemented whatever u have told .However i have few more queries.
>
> 1. Best way to move from ufs to aufs? Specially in my scenario.
Check that your squid supports it:
squid -v
one of the options about disk should list ufs,aufs maybe diskd and null
as well.
If so, simply change the config file and reload. There is no disk actions
needed to change between ufs/aufs/diskd.
>
> 2. I think the setting you told about splitting of ftpmp3 will now block
> both FTP protocol and mp3 as well. as different from the original
settings
> where only that ftp sites were blocked that contained mp3s? Am i right.
No. Having two acl on line line only blocks when BOTH match the same
request.
>
> 3. My acls that contained time were not working can u see any problem in
> order or anything. (i have optimized them according to your suggestions
but
> do they also solve the problem of logic as well)
I could not see anything wrong with them.
If you like to try another way of writing the same thing would be:
acl workHours time MTWHF <hours before lunch>
acl workHours time MTWHF <hours after lunch>
>
> 4. Is there a way to block torrentz & rapidshare?
>
Yes, with some restrictions. Only the part of torrent that goes through
HTTP can be blocked by Squid.
Torrent:
acl torrentSeeds urlpath_regex \.torrent(\?.*)?$
Rapidshare:
acl dlSites dstdomain .rapidshare.com .rapidsharemegaupload.com
.filespump.com
I'm not too sure about the rapidshare domains, there are likely some I
don't know about, and some of those may only be look-alike sites.
> 5. I am currently working on squid3 package (stable) that defaults with
> Ubuntu 8.04 LTS. Should i move to 3.0.STABLE24 and how to do that with
best
> ease without having to do all the reconfigurations. The default version
> have a capacity to startup automatically with system boot. Would the
> version i install will also have the same capacity.
You should be able to easily upgrade between 3.0 releases. The main
meaning of that "STABLE" word is that we wont add configuration changes to
3.0 any longer, and features require a very good reason even to be
considered.
>
> 6. With which user Squid should be running the default proxy is ok i am
> running it with default. (Only i have given read+write+execute
permissions
> on the folder /etc/squid3 ** var/log/squid3 to everyone and its working.
Is
> it good enough or its risky.
>
Squid needs to be started as some high-powered user. Commonly root, but
the requirement is only for admin access to certain networking operations.
This is needed by the master instance to catch system signals etc.
The configuration should then specify some very low-level user account
used to do the more dangerous stuff such as listening for public HTTP
requests. That only needs read/write access to logs and squid data dirs
IIRC.
The default is usually set and prepared properly by the distro packager.
Amos
Received on Wed Mar 10 2010 - 23:33:20 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 11 2010 - 12:00:06 MST