Search squid archive

Re: Minor Errors In Squid.Conf (attached) That I Would Like Review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  Vadim Anatoly Pushkin
-- The Ukranian Stallion --





From: "Neil A. Hillard" <hillardn@xxxxxxxxx>
To: Vadim Pushkin <wiskbroom@xxxxxxxxxxx>
Hi,

Vadim Pushkin wrote:

Hello;
I've attached my condensed (without comments) squid.conf that is giving me some trouble. My problems are as follows:
1. I am unable to connect to the cachemgr.cgi from machines in "Bldg_One" or "Bldg_Two". I am trying to connect to cachemgr.cgi via webmin.
2. My disk space allocated seems to get used up within about three months and I am not sure how to properly set up my config to expire my cache sooner, don't even know what it is expiring at now for that matter. When my allocated disk space is met, squid dies. The last time that this happened I ran a clear and rebuild cache, this was a terrible mistake as it had taken an entire day to run.
3. I am able to connect using ports that I thought I had forbidden using "CONNECT". Is my ordering wrong?
4. I have at my disposal another 64GB partition contained in this machine and I would like to get some suggestions for the best way to use it. I.e, shall I just newfs this other partition and initialize it so as to pre-stage a new cache in case my hard drive dies? Or, can I just use it alongside what I have now and have squid continue to work even if one of the two partitions dies?
As you can see from my attached config file, I have come a long way, but I am not completely aware of all that squid can do.
OK, remember that the order of rules is important (OK, very important). The reason that you can connect to any port is that the following rules come _after_ the rules that grant access from your SRCs 

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
That is the way the config is written that comes with the distro, so I just assumed that it was correct.
I will try swapping them. Is their a known good config that is close to what I am trying to achive that I may evaluate for this purpose?
They therefore are never evaluated. You need to put these first and then test once again. Do you really need those http_reply_access lines at all? 

Without them, my users are denied access :-(

.vp
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux