Re: [squid-users] Changes to config file issues

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 10 Sep 2013 19:49:09 +0300

Hey there,

From the squid.conf it seems like a basic squid server config which
allows all and any user in the world to use the proxy, hence it is
recommended to firewall it and, even if it's under NAT, restrict the
access to the server.

I do not know exactly what the squid.conf that comes with EL6 looks
like now but I would recommend you to use it and add/change the needed
lines.
I would recommend using a newer version of squid like 3.2.X or 3.3.X
but it's up to you (and since you are testing...).

Add the following settings to the squid.conf.default that comes with 3.1.10:

http_access allow all
http_port 8021

The above lines are the only needed additions compared to the old
squid.conf file.

If you need some more help just ask, and don't forget to respond to
the mail with the results.

Eliezer

On 09/10/2013 07:24 PM, Gomes, Rich wrote:
> We had Squid 2.6.Stable21 running on an EL 5 server. Due to some new requirements we needed to build a new server with EL6. This came with Squid 3.1.10
>
> Copying the old config file to the new server hasn't worked. We have had to comment out some lines which the new version no longer supports.
> Squid is now able to start but every time we try to connect to an external host we receive TCP_MISS/503 and TCP_MISS/404 errors in the access log.
>
> Here is the config from the EL5 server.
> What needs to be corrected to get this to work as before?
>
> NOTE: We can switch to the EL5 server and connect without issue so it is clearly an issue with the upgrade from 2.6.x to 3.1.x
>
>
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow all
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
>
> icp_access allow all
>
> http_port 8021
>
> hierarchy_stoplist cgi-bin ?
>
> access_log /var/log/squid/access.log squid
>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> coredump_dir /var/spool/squid
>
>
>
> Thanks in advance
>
> Rich Gomes | Senior Systems Administrator, AUCA System Services | ARAMARK Uniform & Career Apparel
> Tel: 781.763.4508 | Fax: 781.763.2508
> Rich.Gomes_at_uniform.aramark.com | www.aramark-uniform.com
>
Received on Tue Sep 10 2013 - 16:49:20 MDT
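
The reply's observation that this config lets any client use the proxy follows from how Squid evaluates http_access: lines are checked top to bottom and the first match decides. The script below is an added example, not part of the thread or of the Squid project; it flags a catch-all rule and every rule it makes unreachable. The function names and the sample text (the access rules from the quoted config, with the "> " quoting removed) are constructed for illustration, and it assumes the ACL named "all" matches every source, as it does in the quoted config.

```python
# Added example (not from the thread): audit http_access ordering.
# Squid checks http_access lines top to bottom and stops at the first match.

# Constructed sample: access rules from the quoted EL5 config, "> " removed.
SAMPLE_CONF = """\
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 8021
"""

def parse_http_access(conf_text):
    """Return [(line_no, action, [acl names])] for each http_access line."""
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if (len(tokens) >= 3 and tokens[0] == "http_access"
                and tokens[1] in ("allow", "deny")):
            rules.append((line_no, tokens[1], tokens[2:]))
    return rules

def audit(conf_text):
    """Find the first catch-all rule and the rules it makes unreachable."""
    rules = parse_http_access(conf_text)
    findings = {"open_proxy": False, "catch_all": None, "shadowed": []}
    for idx, (line_no, action, acls) in enumerate(rules):
        # Assumption: a line whose only ACL is "all" matches every request.
        if acls == ["all"]:
            findings["catch_all"] = (line_no, action)
            findings["open_proxy"] = action == "allow"
            findings["shadowed"] = [r[0] for r in rules[idx + 1:]]
            break
    return findings

if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    if result["open_proxy"]:
        print("line %d allows every client" % result["catch_all"][0])
    for line_no in result["shadowed"]:
        print("line %d is never evaluated" % line_no)
```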