Re: [squid-users] Re: ONLY Cache certain Websites.

On 3/08/2014 3:07 a.m., nuhll wrote:
> im not able to fix it.
>
> Normal websites work. But i cant get it to cache (or even allow access to
> Windows Update or Kaspersky).
>
> Whats i am doin wrong?
>
> 2014/08/02 17:05:35| The request GET
> http://dnl-16.geo.kaspersky.com/updaters/updater.xml is DENIED, because it
> matched 'localhost'
> 2014/08/02 17:05:35| The reply for GET
> http://dnl-16.geo.kaspersky.com/updaters/updater.xml is ALLOWED, because it
> matched 'localhost'
>
>
> 2014/08/02 17:06:32| The request CONNECT 62.128.100.41:443 is DENIED,
> because it matched 'localhost'
> 2014/08/02 17:06:32| The reply for CONNECT 62.128.100.41:443 is ALLOWED,
> because it matched 'localhost'
>
>
> 014/08/02 17:07:07| The request CONNECT sls.update.microsoft.com:443 is
> DENIED, because it matched 'localhost'
> 2014/08/02 17:07:07| The reply for CONNECT sls.update.microsoft.com:443 is
> ALLOWED, because it matched 'localhost'
>

So what access.log linesmatch these transactions?

>
> my config atm:
> debug_options ALL,1 33,2
> acl localnet src 192.168.0.0
> acl all src 0.0.0.0

1) you are defining the entire Internet to be a single IP address
"0.0.0.0" ... which is invalid.

This should be:
   acl all src all

> acl localhost src 127.0.0.1
>
> access_log daemon:/var/log/squid/access.test.log squid
>
> http_port 192.168.0.1:3128 transparent
>
> cache_dir ufs /daten/squid 100000 16 256
>
> range_offset_limit 100 MB windowsupdate
> maximum_object_size 6000 MB
> quick_abort_min -1
>
>
> # Add one of these lines for each of the websites you want to cache.
>
> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000
> reload-into-ims
>
> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 432000 reload-into-ims
>
> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000
> reload-into-ims
>
> refresh_pattern -i
> geo.kaspersky.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 432000 reload-into-ims
>
> # DONT MODIFY THESE LINES
> refresh_pattern \^ftp: 1440 20% 10080
> refresh_pattern \^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> acl kaspersky dstdomain .kaspersky.com
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
>
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
>
> http_access allow kaspersky localnet
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet
>
> http_access allow localnet
> http_access allow localhost
>

The above rule set is equivalent to:
 http_access allow localhost
 http_access deny !localnet
 http_access allow all

Amos
Received on Sun Aug 03 2014 - 06:31:16 MDT