Hello;
I've attached my condensed (without comments) squid.conf that is giving me
some trouble. My problems are as follows:
1. I am unable to connect to the cachemgr.cgi from machines in "Bldg_One"
or "Bldg_Two". I am trying to connect to cachemgr.cgi via webmin.
2. My disk space allocated seems to get used up within about three months
and I am not sure how to properly set up my config to expire my cache
sooner, don't even know what it is expiring at now for that matter. When my
allocated disk space is met, squid dies. The last time that this happened I
ran a clear and rebuild cache, this was a terrible mistake as it had taken
an entire day to run.
3. I am able to connect using ports that I thought I had forbidden using
"CONNECT". Is my ordering wrong?
4. I have at my disposal another 64GB partition contained in this machine
and I would like to get some suggestions for the best way to use it. I.e,
shall I just newfs this other partition and initialize it so as to pre-stage
a new cache in case my hard drive dies? Or, can I just use it alongside
what I have now and have squid continue to work even if one of the two
partitions dies?
As you can see from my attached config file, I have come a long way, but I
am not completely aware of all that squid can do.
Thank you all in advance,
.vp
Vadim
http_port 8080
hierarchy_stoplist cgi-bin ?
#
acl QUERY urlpath_regex cgi-bin \?
acl bad-files url_regex -i "/u1/squid/etc/bad-files"
acl good-files url_regex "/u1/squid/etc/good-files"
http_access deny bad-files !good-files
#
no_cache deny QUERY
#
# My hard drive is 64GB and I wanted to keep some space free
# for a few days worth of logs, etc.
#
cache_dir aufs /data/squidcache 51200 64 256
#
maximum_object_size 32 MB
#
cache_mem 4 MB
cache_swap_low 97
cache_swap_high 98
#
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
buffered_logs off
cache_replacement_policy heap LFUDA
cache_access_log /data/squidlogs/access.log
# cache_access_log /data/squidcache
# cache_log /dev/null
cache_store_log none
ftp_user ftp@xxxxxxxxxx
debug_options ALL,1
quick_abort_min 1 KB
quick_abort_max 1048576 KB
quick_abort_pct 90
connect_timeout 30 seconds
read_timeout 5 minutes
request_timeout 30 seconds
client_lifetime 2 hour
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 second
shutdown_lifetime 15 seconds
request_header_max_size 100 KB
request_body_max_size 1000 KB
refresh_pattern ^ftp: 1440 50% 86400
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 50% 86400
acl RAS src 192.168.0.0/16
acl Old_Net src 10.10.0.0/16
acl Old_Corp src 10.11.0.0/16
acl ACME src 10.12.0.0/16
acl Bldg_One src 10.13.0.0/16
acl Bldg_Two src 10.14.0.0/16
acl Bldg_Three src 10.15.0.0/16
acl Bldg_Four src 10.16.0.0/16
#
acl EXT_sixteen src 172.16.0.0/16
acl EXT_seventeen src 172.17.0.0/16
acl EXT_eighteen src 172.18.0.0/16
acl EXT_nineteen src 172.19.0.0/16
#
# Define the Cache Peers (these are on a private Gbit Conn)
#
acl ICP_ONE src 172.16.2.9
acl ICP_TWO src 172.16.2.10
#
acl all src 0.0.0.0/255.255.255.255
acl manager proto cache_object
#
http_access allow RAS
http_access allow Old_Net
http_access deny Old_Corp
http_access allow ACME
http_access allow Bldg_One
http_access allow Bldg_Two
http_access allow Bldg_Three
http_access allow Bldg_Four
#
http_access allow EXT_sixteen
http_access allow EXT_seventeen
http_access allow EXT_eighteen
http_access allow EXT_nineteen
#
http_access allow ICP_ONE
http_access allow ICP_TWO
#
http_access deny all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#
# Define Safe Ports to use.
#
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#
# Define SSL Ports
#
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow RAS
http_reply_access allow Old_Net
http_reply_access allow Old_Corp
http_reply_access allow ACME
http_reply_access allow Bldg_One
http_reply_access allow Bldg_Two
http_reply_access allow Bldg_Three
http_reply_access allow Bldg_Four
#
http_reply_access allow EXT_sixteen
http_reply_access allow EXT_seventeen
http_reply_access allow EXT_eighteen
http_reply_access allow EXT_nineteen
#
http_reply_access allow ICP_ONE
http_reply_access allow ICP_TWO
#
http_reply_access allow all
cache_mgr cachemgr@xxxxxxxxxx
visible_hostname pxyc1ps1
logfile_rotate 8
coredump_dir /u1/squid/var/cache
cache_effective_user nobody
cache_effective_group nobody
icp_port 3130
icp_access allow ICP_TWO
icp_access deny all
cache_peer 172.16.2.10 sibling 8080 3130
peer_connect_timeout 10 seconds
dns_testnames localhost
