How about contacting google for advise?
They are the one that forces you to the issue.
They don't like it that you have a 1k clients behind your IP address.
They should tell you what to do.
You can tell them that you are using squid as a forward proxy to enforce
usage acls on users inside the network.
It's not a share to use squid...
It's a shame that you cannot get a reasonable explanation to the reason
you are blocked...
Eliezer
On 06/27/2014 02:43 AM, squid_at_proxyplayer.co.uk wrote:
> So, I added those and restarted...still get the "your computer may be
> sending automated queries" error form google.
> I then set x forwarded for to off, no change.
> Then commented out via, no change.
>
> Current conf:
>
> auth_param basic realm AAA proxy server
> auth_param basic credentialsttl 2 hours
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> authenticate_cache_garbage_interval 1 hour
> authenticate_ip_ttl 2 hours
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 1863 # MSN messenger
> acl ncsa_users proxy_auth REQUIRED
> acl CONNECT method CONNECT
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow localhost
> http_access allow ncsa_users
> http_access deny all
> icp_access allow all
> http_port 8080
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> buffered_logs on
> half_closed_clients off
> visible_hostname AAAProxyServer
> log_icp_queries off
> dns_nameservers 208.67.222.222 208.67.220.220
> hosts_file /etc/hosts
> memory_pools off
> client_db off
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 -1/-1 400000/400000
> forwarded_for on
> via on
> cache_mem 256 MB
>
>
> Quoting Amos Jeffries <squid3_at_treenet.co.nz>:
>
>> On 8/06/2014 5:06 a.m., Lawrence Pingree wrote:
>>> I use the following but you need to make sure you have no looping
>>> occurring in your nat rules if you are using Transparent mode.
>>>
>>> forwarded_for delete
>>> via off
>>
>> Given that the notice is above traffic volume arriving at Google (not
>> looping) you probably actually need "via on" to both protect against
>> looping and tell google there is a proxy so they should use different
>> metrics.
>>
>> You could also cache to reduce the upstream connection load. Squid does
>> in-memory caching well enough for up to MB sized objects if you give it
>> some cache_mem and remove that "cache deny all" (cache_dir is optional
>> and disabled by default in squid-3).
>>
>> Amos
>>
>>
>
>
>
>
> ----- End forwarded message -----
>
>
Received on Fri Jun 27 2014 - 02:37:18 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 27 2014 - 12:00:05 MDT