Re: [squid-users] Should I see a massive slowdown when chaining squid => privoxy from Amos Jeffries on 2011-06-04 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 04 Jun 2011 19:57:56 +1200

On 04/06/11 08:16, Harry Putnam wrote:
> Setup: Gentoo linux OS on squid and privoxy home lan server
> Squid-3.1.12
> privoxy-3.0.17
>
> I'm not running an html server, just trying to use squid and privoxy
> for my own browsing.
>
> I'm attempting to get started with squid and privoxy. So far using
> nearly original config files in both cases.
>
> First I tried just using privoxy without squid and that seemed to work
> OK.
>
> I set the privoxy listen-address in /etc/privoxy/config like:
>
> listen-address 192.168.0.2:8118
> (The address of a gmane box on the lan)
>
>
> I was not able to access gmail thru a firefox gadget but could get
> gmail directly alright. But other than that, No real noticeable
> change in browsing speed as against NO proxy at all.
>
>
> I then used this website to help setup squid:
> https://www.antagonism.org/web/squid-proxy.shtml
>
> And did the things suggested there.
>
> Chaining in this direction:
> Browser -> Squid -> Privoxy -> Privoxy's IP -> Public Internet
>
> Adding squid into the mix... I Added these two lines to the end of
> squid.conf:
>
> cache_peer 192.168.0.2 parent 8118 0 default no-query no-digest no-netdb-exchange
> never_direct allow all
>
> And uncommented these lines in squid.conf:
>
> acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
>
> header_access From deny all
> header_access Referer deny all
> header_access Server deny all

> header_access User-Agent deny all
> header_access WWW-Authenticate deny all

I kind of doubt you actually want these two above.
The first hides your browser from website (okay so you *might* want that
one) which will make many of teh modern browser sniffing websites simply
not work.
The second blocks website authentication from working. It is a manual
process by you whether you let the browser login in the first place.
Preventing you from ever choosing Yes to that seems a bit extreme.

NOTE: with Squid-3.1 these are also split into request_header_access and
reply_header_access directives.
Run "squid -k parse" to see if there are any other easily detectable
bad problems in the config.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.8 and 3.1.12.2

Received on Sat Jun 04 2011 - 07:58:05 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 04 2011 - 12:00:01 MDT