Luciano Sousa wrote:
hello. i'm having a problem with idiot. at least once every two days I have to clear the cache of my squid, because it begins to deny all access, probably because it is full ...
Your cache.log (/usr/local/squid/logs/cache.log) might give more information on what's going on.
my squid.conf http_port 3128 icp_port 3128 hierarchy_stoplist cgi-bin ? cache_mem 500 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 cache_dir ufs /usr/local/squid/cache 1500 32 256 cache_access_log /usr/local/squid/logs/access.log pid_filename /usr/local/squid/logs/squid.pid acl manager proto cache_object cache_log /usr/local/squid/logs/cache.log cache_store_log /usr/local/squid/logs/store.log logformat logluciano IP do cliente: %>a - Username: %un - Horario: [%tl] - Metodo: %rm - URL: %ru - Status HTTP: %Hs - Status Squid: %Ss - Porta: %>p cache_access_log /usr/local/squid/logs/logteste.log logluciano auth_param ntlm program /usr/bin/ntlm_auth domain/pdc --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param basic children 5 auth_param basic realm Digite o LOGIN/SENHA auth_param basic credentialsttl 1 minute auth_param basic casesensitive off external_acl_type nt_group %LOGIN /usr/local/squid/etc/wbinfo_group.pl acl AllowedWindowsGroups external nt_group testnet http_access allow AllowedWindowsGroups acl localhost src 127.0.0.1/255.255.255.255 acl redelocal src 192.168.1.0/24 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 6959 #mirc acl Safe_ports port 900 #mirc acl Safe_ports port 23 #smtp acl Safe_ports port 143 #imap acl CONNECT method CONNECT acl acesso proxy_auth REQUIRED http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow acesso http_access allow redelocal
For what it's worth, you are allowing unauthenticated requests from your local network. Authentication is requested, the client is allowed if authentication is provided (but not denied if it's not). The next step checks the client's source IP and allows based on that (with an implicit deny following). Perhaps that's to plan, but I thought it might be worth a mention.
icp_access allow all debug_options ALL,1 33,2 thank's.
Chris
