Search squid archive

RE: [squid-users] Cache_peer problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Never_direct allow all works around the problems we were having.

Thanks

Adam

-----Original Message-----
From: Elsen Marc [mailto:elsen@xxxxxxx] 
Sent: Wednesday, 16 February 2005 5:46 PM
To: Adam Clark; squid-users@xxxxxxxxxxxxxxx
Subject: RE: [squid-users] Cache_peer problems


 
> 
> We are using squid in conjunction with trend micro's IWSS.
> 
> The documentation outlines how to do this, clients contact IWSS and 
> IWSS uses squid as an upstream proxy server.  For reporting reasons,
> We want to do it the other way around, IWSS are to general for us, 
> Authentication is done vie NTLM.
> 
> IWSS is running on 8080 and squid on 3128, same box.
> IWSS is not an ICP proxy and thus the squid doco led me to 
> the following
> Cach_peer statement:
> cache_peer 127.0.0.1 parent 8080 7 no-query default
> 
> Without the no-query and default statements I end up with 
> TIMEOUT_DIRECT
> warnings.
> 
> Now all this works ok, except when IWSS detects a virus, in 
> which case,
> squid 
> Ignore the 403 returned and goes direct instead of displaying 
> the error
> message
> 
> 1108522791.283     59 172.16.8.59 TCP_MISS/200 886 GET
> http://www.trendmicro.com/global/en/images/topnav/tn-partners-over.gif
> aclark DEFAULT_PARENT/127.0.0.1 image/gif
> 1108522791.287     57 172.16.8.59 TCP_MISS/200 754 GET
> http://www.trendmicro.com/global/en/images/topnav/tn-about-over.gif
> aclark DEFAULT_PARENT/127.0.0.1 image/gif
> 1108522825.301    141 172.16.8.59 TCP_MISS/200 391 GET
> http://www.trendmicro.com/ftp/products/eicar-file/eicar.com aclark
> DIRECT/61.9.129.152 application/octet-stream
> 
> I know it is getting a 403 from the IWSS as a packet trace has this in
> its data segment:
> 
> HTTP/1.1 403 OK
> Connection: close
> Content-Type: text/html; charset=UTF-8
> Cache-Control: no-cache
> Date: Wed, 16 Feb 2005 01:49:15 GMT
> <html><head><title>IWSS Security Event</title></head>
> <body><script>  if( typeof( window.innerWidth ) == 'number' ) {if
> (window.innerWidth < 10 || window.innerHeight < 10)
> {self.resizeTo(700,600);}}else if (document.body &&
> (document.body.clientWidth < 10 || document.body.clientHeight < 10))
> {self.resizeTo(700, 600);}</script><h1><h1>IWSS Security Event
> (pthalo.ngv.vic.gov.au)</h1></h1>
> Access to this URL is currently restricted due to a blocking
> rule.<BR><BR>URL:
> <B>http://www.trendmicro.com/ftp/products/eicar-file/eicar.com
> </B><BR>Ru
> le: Block URLs of type <B>Virus infected temporary block</B><P>If you
> feel you have reached this message in error, please contact 
> your network
> administrator.
> </body></html>
> 
> Is this the appropriate method for what we need out of our 
> caching/virus
> system?
> 


You may try  :

      never_direct allow all

in squid.conf. To prevent squid from 'direct going attempts'.

M.


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux