Re: Fwd: [squid-users] Request Entity Too Large Error in Squid Reverse Proxy

From: Robert Cicerelli <deeztek_at_hotmail.com>
Date: Thu, 14 Aug 2014 08:59:36 -0400

On 8/14/2014 8:10 AM, Amos Jeffries wrote:
> If you can provide your squid.conf it would be really helpful
> understanding this. Amos
I think the terminology is confusing because it's the terminology used
in the pfsense box that squid is running on. Nevertheless, squid.conf is
below:

====== squid.conf starts below ========

# Plain (non-accelerator) proxy listener, bound to one 10.10.14.x address.
http_port 10.10.14.1:3128
# ICP listener on port 7. Every cache_peer later in this file sets no-query,
# so ICP looks unused here; "icp_port 0" would switch the listener off.
# NOTE(review): no icp_access rule is visible in this listing - confirm.
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
# Account and group Squid runs as.
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-i386/etc/squid/icons
# Name Squid presents for itself, e.g. in error messages.
# NOTE(review): "localhost" does not identify this proxy when several hosts
# are involved in an investigation - confirm it is intentional.
visible_hostname localhost
cache_mgr admin_at_localhost
# Request log and diagnostic log: the records to consult when reconstructing
# what was requested through the proxy.
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
# Number of old log generations kept on rotation.
# NOTE(review): a single generation may be short for incident review -
# confirm logs are shipped or archived elsewhere.
logfile_rotate 1
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 10.10.14.0/24
# Whitespace found inside a request URI is removed.
uri_whitespace strip

# Never cache responses for URLs whose path contains "cgi-bin" or a "?".
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 2000 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
# On-disk cache: ufs store, 500 MB, 16 first-level and 256 second-level dirs.
cache_dir ufs /var/squid/cache 500 16 256
minimum_object_size 0 KB
# Objects larger than 4 KB are not stored on disk.
maximum_object_size 4 KB
# NOTE(review): the next line reads like two directives run together in the
# archived copy ("offline_mode off" followed by "cache_swap_low 90", which
# would pair with cache_swap_high below) - confirm against the real file.
offline_mode offcache_swap_low 90
cache_swap_high 95

# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
# NOTE(review): the port list is wrapped by the mail client; "1025-65535" on
# the following line belongs to this acl. With that range included, the
# "http_access deny !safeports" rule only rejects unlisted ports at or
# below 1024.
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128
1025-65535
acl sslports port 443 563
# cache_object is the protocol of cache-manager requests.
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS

# http_access rules are checked top to bottom and the first match decides,
# so the order of the rules below is significant.
# Cache-manager requests are accepted from 127.0.0.1 only.
http_access allow manager localhost

http_access deny manager
# PURGE (cache eviction) is accepted from 127.0.0.1 only.
http_access allow purge localhost
http_access deny purge
# Reject any destination port outside the safeports list.
http_access deny !safeports
# CONNECT tunnels are limited to the sslports list (443 and 563).
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
# 0 means Squid itself imposes no limit on the size of a request body.
# NOTE(review): with no cap at the proxy, any upload-size limit for the
# published sites has to be enforced by the origin servers - confirm one is.
request_body_max_size 0 KB
# One class-2 delay pool. -1/-1 leaves both the aggregate and the individual
# bucket unlimited, so the pool does not throttle as configured.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
# The quoted path makes Squid read the patterns from that file.
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings
# Accelerator listeners on the public address, port 80 (clear text) and 443.
# NOTE(review): the https_port directive is wrapped by the mail client; the
# cert=, key= and defaultsite= lines that follow it are its options.
http_port 75.145.82.58:80 accel defaultsite=deeztek.com vhost
https_port 75.145.82.58:443 accel
cert=/usr/pbi/squid-i386/etc/squid/53dfccd7cbb37.crt
key=/usr/pbi/squid-i386/etc/squid/53dfccd7cbb37.key
defaultsite=deeztek.com vhost
#
# Origin servers. Each cache_peer directive below is wrapped over two or
# three lines by the mail client. Options shared by the peers:
#   login=PASS - credentials sent by the client are passed on to the origin.
#   ssl sslflags=DONT_VERIFY_PEER - the hop to the origin is encrypted, but
#     the origin's certificate is not verified, so Squid cannot distinguish
#     the real server from anything else answering on that address.
#     Verification can be restored by trusting the issuing CA (sslcafile=)
#     and dropping the flag.
cache_peer 10.10.14.254 parent 443 0 proxy-only no-query no-digest
originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER
front-end-https=auto name=rvp_webserver.deeztek.com

#
cache_peer 10.10.14.201 parent 443 0 proxy-only no-query no-digest
originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER
front-end-https=auto name=rvp_owa.deeztek.com

#
# NOTE(review): no cache_peer_access rule for rvp_cloud.deeztek.com is visible
# in this listing. A peer without such rules is not restricted, so confirm it
# cannot be selected for requests meant for the other sites.
cache_peer 10.10.14.251 parent 458 0 proxy-only no-query no-digest
originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER
front-end-https=auto name=rvp_cloud.deeztek.com

#
cache_peer 10.10.14.238 parent 443 0 proxy-only no-query no-digest
originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER
front-end-https=auto name=rvp_ewa.deeztek.com

#
cache_peer 10.10.14.250 parent 443 0 proxy-only no-query no-digest
originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER
front-end-https=auto name=rvp_mail.deeztek.com

#
# NOTE(review): this peer has no "ssl" option and uses port 80, so requests
# matched by rvm_admin.grubbcontractors.com (https:// URLs) are forwarded to
# the origin in clear text, together with any credentials passed on by
# login=PASS - confirm this is intended.
cache_peer 10.10.14.254 parent 80 0 proxy-only no-query no-digest
originserver login=PASS round-robin name=rvp_admin.grubbcontractors.com

# Map public URLs to origin peers.
# NOTE(review): the dots in these url_regex patterns are unescaped, so each
# "." matches any character and the host part is looser than the intended
# name; a dstdomain acl would match the host names exactly. Every pattern
# starts with "https://", so they presumably do not match requests received
# on the port-80 accelerator listener - confirm.
# Several acl and cache_peer_access lines below are wrapped by the mail
# client; a line starting with "^https://" or "rvm_" continues the one above.
acl rvm_deeztek.com url_regex -i ^https://secure.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://www.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://forums.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://owa.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://hdgexchange.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://activesync.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://autodiscover.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://autodiscover.mydirectmail.net/.*
acl rvm_EWASSL url_regex -i ^https://ewa.deeztek.com/.*
acl rvm_MAILSSL url_regex -i ^https://mail.deeztek.com/.*
acl rvm_visionexperts.com url_regex -i ^https://www.visionexperts.com/.*
acl rvm_visionexperts.com url_regex -i ^https://visionexperts.com/.*
acl rvm_visionexperts.com url_regex -i ^https://secure.visionexperts.com/.*
acl rvm_grubbcontractors.com url_regex -i
^https://www.grubbcontractors.com/.*
acl rvm_grubbcontractors.com url_regex -i
^https://bids.grubbcontractors.com/.*
acl rvm_grubbcontractors.com url_regex -i ^https://grubbcontractors.com/.*
acl rvm_admin.grubbcontractors.com url_regex -i
^https://admin.grubbcontractors.com/.*
# Per-peer allow rules: each peer accepts only the URL groups mapped to it.
cache_peer_access rvp_webserver.deeztek.com allow rvm_deeztek.com
cache_peer_access rvp_owa.deeztek.com allow rvm_OWASSL
cache_peer_access rvp_ewa.deeztek.com allow rvm_EWASSL
cache_peer_access rvp_mail.deeztek.com allow rvm_MAILSSL
cache_peer_access rvp_webserver.deeztek.com allow rvm_visionexperts.com
cache_peer_access rvp_webserver.deeztek.com allow rvm_grubbcontractors.com
cache_peer_access rvp_admin.grubbcontractors.com allow
rvm_admin.grubbcontractors.com
# Per-peer default deny. The rule for rvp_webserver.deeztek.com appears three
# times; the repeats are redundant.
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_owa.deeztek.com deny allsrc
cache_peer_access rvp_ewa.deeztek.com deny allsrc
cache_peer_access rvp_mail.deeztek.com deny allsrc
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_admin.grubbcontractors.com deny allsrc
# Requests for the published sites must go through a peer, never direct.
never_direct allow rvm_deeztek.com
never_direct allow rvm_OWASSL
never_direct allow rvm_EWASSL
never_direct allow rvm_MAILSSL
never_direct allow rvm_visionexperts.com
never_direct allow rvm_grubbcontractors.com
never_direct allow rvm_admin.grubbcontractors.com
# Admit requests for the published sites. These rules match on URL only;
# they are not tied to a listener or to a source address.
http_access allow rvm_deeztek.com
http_access allow rvm_OWASSL
http_access allow rvm_EWASSL
http_access allow rvm_MAILSSL
http_access allow rvm_visionexperts.com
http_access allow rvm_grubbcontractors.com
http_access allow rvm_admin.grubbcontractors.com

# Requests denied by a rule ending in allsrc (the final http_access deny
# below) get a TCP reset instead of an error page.
deny_info TCP_RESET allsrc

# Custom options

# Setup allowed acls
# Allow local network(s) on interface(s)
# Clients in 10.10.14.0/24 may use the proxy for any request that reached
# this point without being denied above.
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

====== squid.conf ends above ========
Received on Thu Aug 14 2014 - 12:59:47 MDT
