Re: Balasan: [squid-users] Problem on ACL config and performance [SquidNT 2.5 Stable 9]

["Andreas Woll" <woll.andreas@xxxxxx>]

To Problem 2:
It doesn't work. It seems to be a general issue.
Redirecting from http to ftp results in a timeout of about 30 sec.

----- Original Message ----- 
From: "pujo mulyono" <pudjo26@xxxxxxxxx>
To: "Andreas Woll" <woll.andreas@xxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 06, 2005 9:13 AM
Subject:  Balasan: [squid-users] Problem on ACL config and 
performance [SquidNT 2.5 Stable 9]


> answer to question 1:
>
> you have to place allowed_url or allowed_dstdomain
> above blocked_url on the http_access rule:
>
> http_access allow allowed_url
> http_access allow allowed_dstdomain
> http_access deny blocked_url
>
> answer to question 2:
>
> try using ftp_user anonymous
>
> actually i dont like using squid for proxying ftp
> connection, i have some problem login some ftp servers
> also.
>
> regards,
> Pudjo@indonesia
>
> --- Andreas Woll <woll.andreas@xxxxxx> menulis:
>
> > I've got a SQUID running on Windows 2000 Server
> > [SQUIDNT 2.5 Stable 9] with
> > DSL-Line.
> > Normally the system is very performant and working
> > fine, but I've
> > encountered two problems:
> >
> > 1. I've implemented a blocking acl (blocked_url) and
> > it worked fine, but
> > some special addresses (allowed_url) to be
> > accessable
> > are still blocked. Is it possible to build an
> > junction between these two
> > acls to get access to special addresses and all
> > non-blocked?
> > For example:
> > sex is blocked and msexchangefaq.de is allowed.
> >
> > 2. I've got performance problems with ftp downloads
> > especially from hp.com
> > There are normal ftp links but it takes quite a long
> > time for squid to start
> > serving the request.
> >
> > here is the squid.conf.
> >
> > http_port 3128
> > hierarchy_stoplist cgi-bin ?
> > cache_dir ufs E:/Squid/cache 20000 16 256
> > mime_table E:/Squid/etc/mime.conf
> > pid_filename E:/Squid/log/squid.pid
> > dns_nameservers IP1 IP2
> > ftp_user user@SquidNT
> > diskd_program E:/Squid/libexec/diskd.exe
> > unlinkd_program E:/Squid/libexec/unlinkd.exe
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web
> > server
> > auth_param basic credentialsttl 2 hours
> > refresh_pattern ftp:  1440 20Percent 10080
> > refresh_pattern gopher: 1440 0Percent 1440
> > refresh_pattern .  0 20Percent 4320
> > visible_hostname SquidNT
> > icon_directory E:/Squid/share/icons
> > error_directory E:/Squid/share/errors/english
> > coredump_dir E:/Squid/cache
> > cache_access_log E:/Squid/log/access.log
> > cache_log E:/Squid/log/cache.log
> > cache_store_log none
> > emulate_httpd_log off
> > client_netmask 0.0.0.0 #Anonymisierung der Clients
> > log_fqdn off
> > log_mime_hdrs off
> > acl QUERY urlpath_regex cgi-bin \?
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl to_localhost dst 127.0.0.0/8
> > acl SSL_ports port 443 563
> > acl Safe_ports port 80   #  http
> > acl Safe_ports port 21   #  ftp
> > acl Safe_ports port 443 563  #  https, snews
> > acl Safe_ports port 70   #  gopher
> > acl Safe_ports port 210   #  wais
> > acl Safe_ports port 280   #  http-mgmt
> > acl Safe_ports port 488   #  gss-http
> > acl Safe_ports port 591   #  filemaker
> > acl Safe_ports port 777   #  multiling http
> > acl CONNECT method CONNECT
> > acl CORP-NET src "Range 1"
> > acl CORP-NET src "Range 2"
> > acl CORP-NET src "Range 3"
> > acl CORP-NET src "Range 4"
> > acl CORP-NET src "Range 5"
> > acl CORP-NET src "Range 6"
> > acl VPN-ACCESS src "Range 7"
> > acl streaming rep_mime_type ^video/x-ms-asf
> > ^video/x-ms-sf ^audio/mpeg
> > ^audio/x-mpeg ^audio/x-pn-realaudio
> > ^audio/x-pn-realaudio-plugin
> > ^application/x-mms-framed
> > ^application/vnd.ms.wms-hdr.asfv1
> > acl block_stream urlpath_regex
> \.(ra?m|ra|rpm|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|\?)
> > acl blocked_url url_regex
> > "E:/Squid/etc/squid-block.acl"
> > acl allowed_url url_regex
> > "E:/Squid/etc/squid-allow.acl"
> > no_cache deny QUERY
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow CORP-NET
> > http_access allow VPN-ACCESS
> > http_access deny blocked_url
> > http_access deny all
> > http_reply_access deny block_stream
> > http_reply_access deny streaming
> > http_reply_access allow CORP-NET
> > http_reply_access allow VPN-ACCESS
> > http_reply_access deny blocked_url
> > http_reply_access deny all
> > icp_access deny all
> > snmp_access deny all
> >
> >
> > I would appreciate your help.
> > Thank you.
> >
> > Andreas
>
>
>
>
>
>
>
> ________________________________________________________
> Apakah Anda Yahoo!?
> Sekarang dengan penyimpanan 1GB
> http://id.mail.yahoo.com/