Re: [squid-users] Why is squid caching local intranet domains??

From: bnichols <mrnicholsb_at_gmail.com>
Date: Wed, 6 Jun 2012 09:10:38 -0700

Well the only issue I really have is that any host that is MANUALLY
configured for the squid gets cache hits on the hosts in the
localdomain, which really isn't a problem, considering none of my hosts
are manually configured, and it's all done via forwarding on the router.

So in essence, squid is doing what I want it to do, caching all
traffic, and letting the local hosts go directly to local webservers on
the intranet.
 
I was just surprised and bewildered by the lack of log file generation
when trying to access a local webserver. I would have expected to see
logs with DIRECT in them rather than a lack of logs altogether.

Of course I get log files just fine when accessing normal web sites,
and logs, and squid functions.

On Wed, 06 Jun 2012 18:51:02 +0300
Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:

> you might have an accept rule before the redirect in iptables.
>
> Eliezer
> On 06/06/2012 18:17, bnichols wrote:
> > One thing that I've noticed is that on machines being forwarded to my
> > squidbox via my router, all other sites show up in the access.log
> > and everything functions fine, however, when I try to access the
> > webserver residing on the squid box there are no logs at all
> > generated for those requests. I would expect to see DIRECT there.
> >
> > Equally of note, when I manually enter the proxy config into the
> > browsers, I get access.log entries for the domain, along with cache
> > hits of course.
> >
> > Just find it interesting that there is no log generation when the
> > webserver is accessed from a machine on the lan being forwarded by
> > my router.
> >
> >
> > On Wed, 06 Jun 2012 18:05:49 +0300
> > Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
> >
> >> there was a bug on some old version of squid.
> >> you better use the newest version.
> >>
> >> Eliezer
> >> On 06/06/2012 18:01, mrnicholsb wrote:
> >>> I'm scratching my head here, I've got an issue that's driving me
> >>> bonkers...
> >>>
> >>> 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html
> >>>
> >>> Clearly this local site is being cached, what is frustrating is
> >>> that I have the following meta tag on the page
> >>>
> >>> <meta http-equiv="Cache-control" content="no-cache">
> >>>
> >>> Yet squid is apparently ignoring that directive completely.
> >>>
> >>> Ok, no problem, so we set our conf up to always go direct for
> >>> localnet acl right? No dice, still caching.
> >>>
> >>> Could one of you be so kind as to take a look at my conf and tell
> >>> me why?
> >>>
> >>>
> >>> ##############################################################
> >>>
> >>> #transparent because ddwrt is forwarding traffic to it
> >>> http_port 3128 transparent
> >>> #parent disabled due to location outside scope of firewall rules
> >>> #cache_peer 192.168.1.205 parent 3128 3129 default
> >>> # no-query no-digest
> >>> never_direct deny all
> >>>
> >>> refresh_pattern ^ftp: 1440 20% 10080
> >>> refresh_pattern ^gopher: 1440 0% 1440
> >>> refresh_pattern (/cgi-bin/|\?) 0 0% 0
> >>> refresh_pattern . 0 20% 4320
> >>>
> >>> dns_nameservers 10.10.1.1
> >>> hosts_file /etc/hosts
> >>> cache_swap_low 95
> >>> cache_swap_high 98
> >>> access_log /var/log/squid3/access.log
> >>> cache_mem 320 MB
> >>> memory_pools on
> >>> maximum_object_size_in_memory 512 KB
> >>> maximum_object_size 400 MB
> >>> log_icp_queries off
> >>> half_closed_clients on
> >>> cache_mgr mrnicholsb_at_gmail.com
> >>> cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
> >>> visible_hostname deviant.evil
> >>> shutdown_lifetime 1 second
> >>>
> >>> #icap_enable on
> >>> #icap_send_client_ip on
> >>> #icap_send_client_username on
> >>> #icap_client_username_encode off
> >>> #icap_client_username_header X-Authenticated-User
> >>> #icap_preview_enable on
> >>> #icap_preview_size 1024
> >>> #icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> >>> #adaptation_access service_req allow all
> >>> #icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
> >>> #adaptation_access service_resp allow all
> >>>
> >>> acl manager proto cache_object
> >>> acl localhost src 127.0.0.1/32
> >>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> >>> acl localnet src 10.10.1.0/24
> >>> acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
> >>>
> >>> acl SSL_ports port 443
> >>> acl Safe_ports port 80 # http
> >>> acl Safe_ports port 21 # ftp
> >>> acl Safe_ports port 443 # https
> >>> acl Safe_ports port 70 # gopher
> >>> acl Safe_ports port 210 # wais
> >>> acl Safe_ports port 1025-65535 # unregistered ports
> >>> acl Safe_ports port 280 # http-mgmt
> >>> acl Safe_ports port 488 # gss-http
> >>> acl Safe_ports port 591 # filemaker
> >>> acl Safe_ports port 777 # multiling http
> >>> acl CONNECT method CONNECT
> >>>
> >>> always_direct allow localnet
> >>>
> >>> #icp_access allow localnet
> >>> #icp_access deny all
> >>>
> >>> http_access deny blacklist
> >>> http_access allow manager localhost
> >>> http_access deny manager
> >>> http_access deny !Safe_ports
> >>> http_access deny CONNECT !SSL_ports
> >>> http_access allow localhost
> >>> http_access allow localnet
> >>> http_access deny all
> >>>
> >>>
> >>> #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
> >>>
> >>>
> >>
> >>
> >
>
>
Received on Wed Jun 06 2012 - 16:10:50 MDT
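
An added example, not part of the original messages: a small parser for Squid's native access.log format that separates requests answered from the cache (a `*_HIT` result code with `NONE` in the hierarchy field, like the line quoted in the thread) from requests forwarded upstream (`DIRECT/<address>` or a peer), and lists the cache-served ones whose destination is a local domain. The function names and all sample lines except the first are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Native format: time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>-?\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

def parse_line(line):
    """Return one native-format line as a dict of fields, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """'forwarded' = fetched upstream, 'cache' = answered from cache, else 'other'."""
    if entry["hier"] != "NONE":
        return "forwarded"  # e.g. DIRECT/<origin address> or a parent peer
    return "cache" if "HIT" in entry["code"] else "other"

def dest_host(url):
    """Host of a logged URL; CONNECT requests are logged as host:port."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()

def local_cache_hits(lines, local_domains):
    """(client, url, code) for each cache-served request to a local domain."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or classify(entry) != "cache":
            continue
        host = dest_host(entry["url"])
        if any(host == d or host.endswith("." + d) for d in local_domains):
            hits.append((entry["client"], entry["url"], entry["code"]))
    return hits

SAMPLE_LOG = [  # first line is the one quoted in the thread; the rest are constructed
    "1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html",
    "1338994330.120 45 10.10.1.105 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.10 text/html",
    "1338994341.002 1 10.10.1.107 TCP_MEM_HIT/200 1432 GET http://deviant.evil/style.css - NONE/- text/css",
    "1338994350.500 3 10.10.1.105 TCP_MISS/200 900 GET http://deviant.evil/new.html - DIRECT/10.10.1.2 text/html",
    "this line is not in access.log format",
]

if __name__ == "__main__":
    print(local_cache_hits(SAMPLE_LOG, ["deviant.evil"]))
```
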

This archive was generated by hypermail 2.2.0 : Thu Jun 07 2012 - 12:00:02 MDT