Re: [squid-users] ACL Problem

From: Der Dutz <derdutz_at_yahoo.com>
Date: Mon, 30 Jun 2014 02:25:49 -0700

Hi Eliezer, Thanks for your kind respond. actually im reposting because i see on http://marc.info/ that my email is unreadable because the format from the email client i used (yahoo internal send mail editor), because its unreadable then im afraid no one will reply to it. Ok for the squid problem, i think it is cause by the squid server, because when im skipping squid server, the web access for this url not having these problem. In the access log i only see the user can access the main web  [root@localhost html]# tail -f /var/log/squid/access.log | grep 192.25.80.58 2014-06-30 16:26:42 64 192.25.80.58 TCP_MISS/200 30289 GET http://989321dut38h.sbobet.com/euro/ - DIRECT/103.11.41.9 text/html 2014-06-30 16:26:42 -131 192.25.80.58 TCP_MISS/200 48308 GET http://989321dut38h.sbobet.com/en/resource/e/euro-static.js? - DIRECT/103.11.41.9 application/x-javascript 2014-06-30 16:26:42 -137 192.25.80.58 TCP_MISS/200 15143 GET http://989321dut38h.sbobet.com/en/resource/e/euro-dynamic.js? - DIRECT/103.11.41.9 application/x-javascript but for the other css / js file needed for these main web is not found in access.log. Here is my squid.conf : http_port 888 transparent cache_mem 128 MB cache_mgr xxxxxxxxx  cachemgr_passwd xxxxx all cache_dir aufs /var/spool/squid 8000 256 256  cache_dir aufs /var/spool/squid1 8000 256 256 cache_dir aufs /var/spool/squid2 8000 256 256 cache_dir aufs /var/spool/squid3 8000 256 256 cache_dir aufs /var/spool/squid4 8000 256 256 cache_dir aufs /var/spool/squid5 8000 256 256 cache_dir aufs /var/spool/squid6 8000 256 256 cache_dir aufs /var/spool/squid7 8000 256 256 cache_dir aufs /var/spool/squid8 8000 256 256 logformat squid %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt  max_filedesc 8000 dns_nameservers 192.168.189.189 cache_access_log /var/log/squid/access.log squid request_body_max_size 0 KB cache_log /var/log/squid/cache.log server_http11 on  cache_store_log none  negative_ttl 1 minutes maximum_object_size 200 MB half_closed_clients off cache_effective_user squid cache_effective_group squid cache_swap_high 95 cache_swap_low 90 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF maximum_object_size_in_memory 640 KB zph_mode tos zph_local 0x30 zph_parent 0x30 #zph_sibling 0x10 zph_option 136 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY pid_filename /var/run/squid.pid auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off refresh_pattern (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4 refresh_pattern -i exe$ 0 800% 999999 ignore-reload refresh_pattern -i zip$ 0 800% 999999 ignore-reload refresh_pattern -i tar\.gz$ 0 800% 999999 ignore-reload refresh_pattern -i tgz$ 0 800% 999999 ignore-reload refresh_pattern -i rar$ 0 800% 999999 ignore-reload refresh_pattern -i rpm$ 0 800% 999999 ignore-reload refresh_pattern -i cab$ 0 800% 999999 ignore-reload refresh_pattern -i pdf$ 0 800% 999999 ignore-reload refresh_pattern -i bin$ 0 800% 999999 ignore-reload refresh_pattern -i dat$ 0 800% 999999 ignore-reload refresh_pattern -i gif$ 21600 999% 999999 refresh_pattern -i jpeg$ 21600 999% 999999 refresh_pattern -i jpg$ 21600 999% 999999 refresh_pattern -i png$ 0 500% 999999 refresh_pattern -i jpe$ 21600 999% 999999 refresh_pattern -i tif$ 21600 999% 999999 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod refresh_pattern ^http://*.googlesyndication.*/.* 720 90% 4320 # various windows versions refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims # and some other windows updaters refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://ftp\.software\.ibm\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://.*\.grisoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://download\.lavasoft\.de*/ 0 80% 20160 reload-into-ims refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims # repositories refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://www\.getautomatix\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://wine\.budgetdedicated\.com/ 0 80% 20160 reload-into-ims refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignore-no-cache ignore-private override-expire ignore-reload ignore-auth negative-ttl=40320 max-stale=10 #acl googlesyn dstdomain *.googlesyndication.com #http_access deny googlesyn #acl blockeddomain dstdomain "/etc/blocked.domains.acl" #acl adsites dstdomain url_regex "/etc/adlist.acl" #acl adsip dst "/etc/adsip.acl" #acl adsites1 url_regex "/etc/adlist.txt" acl sbobet dstdomain *.sbobet.com/* acl sbobet dstdomain *.sbostatic.com/* always_direct allow sbobet #cache deny sbobet acl all src 0.0.0.0/0.0.0.0 acl client1 src 10.16.8.0/24 acl ippublic src x.x.x.x/29  acl client2 src 192.168.88.0/24 acl client3 src x.x.x.0/24 acl client4 src x.x.x.0/24 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT #http_access deny blockeddomain #http_access deny adsites1 #http_access deny adsip http_access allow manager localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow client1 http_access allow client2 http_access allow client3 http_access allow client4 http_access allow ippublic  http_access allow localhost http_access deny all #deny_info http://www.geocities.com/asaddotcom2002/Final-2.html adsites1 http_reply_access allow all icp_access allow all visible_hostname skylinx.squid.proxy.local.net coredump_dir /var/spool/squid reload_into_ims on pipeline_prefetch on vary_ignore_expire on ipcache_size 8192 ipcache_low 98 ipcache_high 99 minimum_direct_hops 5 fqdncache_size 8192 log_fqdn off memory_pools off forwarded_for off icp_hit_stale on logfile_rotate 5 client_db off #client_persistent_connection on store_objects_per_bucket 10 store_avg_object_size 13 kb netdb_high 10000 netdb_low 9900 netdb_ping_period 30 seconds log_icp_queries off test_reachability off query_icmp off ================== end of squid.conf =============== The only reason still using these version is very stable and almost forget when having trouble when using these version. So because its running well then never consider to upgrade it for years. Best Regards Der On Monday, June 30, 2014 10:19 AM, Eliezer Croitoru <eliezer@ngtech.co.il> wrote: Hey, Please don't double post and in a Case really you must remind us that we didn't responded just top-post\reply on the same thread. (I do not think that even 48 hours has passed since anyone have seen it yet and in many places sunday is not a work day.) Eventually I will try to help you a bit. What do you see in the access.log at the same time? Did you considered that this might not be because of your squid server directly? This url seems to work. If you can share your full squid.conf we might be able to assist you with it. There are couple options to debug it but since squid 2.7 is quite solid I think it's something with your acl logic(if it's from your server). Just for general understanding: Is there a reason for why you are using such an old version of squid which is not maintained for more then 3-4 years? Eliezer
Received on Mon Jun 30 2014 - 09:28:59 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 30 2014 - 12:00:05 MDT