Search squid archive

Balasan: [squid-users] Problem on ACL config and performance [SquidNT 2.5 Stable 9]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



answer to question 1:

you have to place allowed_url or allowed_dstdomain
above blocked_url on the http_access rule:

http_access allow allowed_url
http_access allow allowed_dstdomain
http_access deny blocked_url

answer to question 2:

try using ftp_user anonymous

actually i dont like using squid for proxying ftp
connection, i have some problem login some ftp servers
also.

regards,
Pudjo@indonesia

--- Andreas Woll <woll.andreas@xxxxxx> menulis:

> I've got a SQUID running on Windows 2000 Server
> [SQUIDNT 2.5 Stable 9] with
> DSL-Line.
> Normally the system is very performant and working
> fine, but I've
> encountered two problems:
> 
> 1. I've implemented a blocking acl (blocked_url) and
> it worked fine, but
> some special addresses (allowed_url) to be
> accessable
> are still blocked. Is it possible to build an
> junction between these two
> acls to get access to special addresses and all
> non-blocked?
> For example:
> sex is blocked and msexchangefaq.de is allowed.
> 
> 2. I've got performance problems with ftp downloads
> especially from hp.com
> There are normal ftp links but it takes quite a long
> time for squid to start 
> serving the request.
> 
> here is the squid.conf.
> 
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_dir ufs E:/Squid/cache 20000 16 256
> mime_table E:/Squid/etc/mime.conf
> pid_filename E:/Squid/log/squid.pid
> dns_nameservers IP1 IP2
> ftp_user user@SquidNT
> diskd_program E:/Squid/libexec/diskd.exe
> unlinkd_program E:/Squid/libexec/unlinkd.exe
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web
> server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ftp:  1440 20Percent 10080
> refresh_pattern gopher: 1440 0Percent 1440
> refresh_pattern .  0 20Percent 4320
> visible_hostname SquidNT
> icon_directory E:/Squid/share/icons
> error_directory E:/Squid/share/errors/english
> coredump_dir E:/Squid/cache
> cache_access_log E:/Squid/log/access.log
> cache_log E:/Squid/log/cache.log
> cache_store_log none
> emulate_httpd_log off
> client_netmask 0.0.0.0 #Anonymisierung der Clients
> log_fqdn off
> log_mime_hdrs off
> acl QUERY urlpath_regex cgi-bin \?
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80   #  http
> acl Safe_ports port 21   #  ftp
> acl Safe_ports port 443 563  #  https, snews
> acl Safe_ports port 70   #  gopher
> acl Safe_ports port 210   #  wais
> acl Safe_ports port 280   #  http-mgmt
> acl Safe_ports port 488   #  gss-http
> acl Safe_ports port 591   #  filemaker
> acl Safe_ports port 777   #  multiling http
> acl CONNECT method CONNECT
> acl CORP-NET src "Range 1"
> acl CORP-NET src "Range 2"
> acl CORP-NET src "Range 3"
> acl CORP-NET src "Range 4"
> acl CORP-NET src "Range 5"
> acl CORP-NET src "Range 6"
> acl VPN-ACCESS src "Range 7"
> acl streaming rep_mime_type ^video/x-ms-asf
> ^video/x-ms-sf ^audio/mpeg
> ^audio/x-mpeg ^audio/x-pn-realaudio
> ^audio/x-pn-realaudio-plugin
> ^application/x-mms-framed
> ^application/vnd.ms.wms-hdr.asfv1
> acl block_stream urlpath_regex
>
\.(ra?m|ra|rpm|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|\?)
> acl blocked_url url_regex
> "E:/Squid/etc/squid-block.acl"
> acl allowed_url url_regex
> "E:/Squid/etc/squid-allow.acl"
> no_cache deny QUERY
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow CORP-NET
> http_access allow VPN-ACCESS
> http_access deny blocked_url
> http_access deny all
> http_reply_access deny block_stream
> http_reply_access deny streaming
> http_reply_access allow CORP-NET
> http_reply_access allow VPN-ACCESS
> http_reply_access deny blocked_url
> http_reply_access deny all
> icp_access deny all
> snmp_access deny all
> 
> 
> I would appreciate your help.
> Thank you.
> 
> Andreas 
> 
> 
> 



	

	
		
________________________________________________________ 
Apakah Anda Yahoo!?
Sekarang dengan penyimpanan 1GB
http://id.mail.yahoo.com/

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux