Hello Amos, Thanks for support . Now it is working fine Saturday, July 25, 2009, 6:12:40 AM, you wrote: > Farhad Ibragimov wrote: >> Hello Squid-users, >> >> Dear Squid Guru >> >> I am install new squid 3 days ago . The version is 3.0 15 . The >> problem is that i don't see TCP_HIT (only TCP_MISS) in access log file . >> Configuration file is attached . Please help >> >> >> >> # WELCOME TO SQUID 3.0.STABLE15 >> # ---------------------------- >> http_port 3128 transparent >> cache_mem 1024 MB >> minimum_object_size 2048 KB > ?? looks like your problem. Most of the web traffic you will ever see is > under 2 MB big. > Average size is somewhere between 32KB and 128KB depending on your clients. > ... more point to follow.... >> icp_port 0 >> wccp2_router 85.132.32.20 >> visible_hostname "url..." >> url_rewrite_children 20 >> cache_dir ufs /cache 6000 16 256 >> cache_swap_low 90 >> cache_swap_high 95 >> allow_underscore on >> request_header_max_size 128 KB > Please do NOT raise this above 64KB in Squid 3.0! > There are a very large number of remote DDoS vulnerabilities that opens > up. The default for each squid version is kept at the largest safe value > we can be sure of. >> client_persistent_connections on >> server_persistent_connections on >> maximum_object_size_in_memory 50 KB >> cache_replacement_policy heap LFUDA >> maximum_object_size 50 MB >> ######LOG################ >> access_log /var/squid/logs/access.log squid >> cache_log /var/squid/logs/cache.log >> cache_store_log /var/squid/logs/store.log >> ############################### >> cache_mgr "mail address" >> httpd_suppress_version_string on >> # SNMP OPTIONS >> # ----------------------------------------------------------------------------- >> #snmp_port 1161 >> #snmp_access allow snmppublic localhost >> #snmp_access deny all >> cache_effective_user squid >> cache_effective_group squid >> ############################################################### >> acl dayaz dstdomain .day.az >> always_direct allow dayaz >> ############################################################### >> refresh_pattern -i \.gif$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.png$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.jpg$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.jpeg$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.pdf$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.zip$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.tar$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.gz$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.tgz$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.exe$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.prz$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.ppt$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.inf$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.swf$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.mid$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.wav$ 43200 100% 43200 override-lastmod override-expire >> refresh_pattern -i \.mp3$ 43200 100% 43200 override-lastmod override-expire >> >> #refresh_pattern ^ftp: 1440 20% 10080 >> #refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern (cgi-bin|\?) 0 0% 0 >> #refresh_pattern . 0 20% 4320 > Please do not alter the four above. They ensure that your cache is not > vulnerable to cache poisoning attacks or committing them against other > caches. >> >> # ACCESS CONTROLS >> ############################################################## >> acl manager proto cache_object >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 >> >> >> # Example rule allowing access from your local networks. >> # Adapt to list your (internal) IP networks from where browsing >> # should be allowed >> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network >> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network >> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network >> # >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl CONNECT method CONNECT >> >> # TAG: http_access >> http_access allow manager localhost >> http_access deny manager >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> #http_access allow localnet > Something has gone wrong. The above line commented out prevents local > networks from being serviced by this Squid. > I would expect this config to show constant TCP_MISS:DENIED in access.log. >> >> http_access deny all >> >> icp_access deny all >> htcp_access deny all >> >> hierarchy_stoplist cgi-bin ? >> >> # TAG: debug_options >> # Logging options are set as section,level where each source file >> # is assigned a unique section. Lower levels result in less >> # output, Full debugging (level 9) can result in a very large >> # log file, so be careful. The magic word "ALL" sets debugging >> # levels for all sections. We recommend normally running with >> # "ALL,1". >> # >> #Default: >> # debug_options ALL,1 >> >> icp_port 0 >> htcp_port 0 >> log_icp_queries off >> >> allow_underscore on >> >> # WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS >> #wccp_version 4 >> # wccp2_rebuild_wait on >> # wccp2_forwarding_method 1 >> # wccp2_return_method 1 >> # wccp2_assignment_method 1 >> # wccp2_service standard 0 >> # wccp2_weight 10000 >> # wccp_address 0.0.0.0 >> # wccp2_address 0.0.0.0 >> >> # ERROR PAGE OPTIONS >> # ----------------------------------------------------------------------------- >> # error_directory /squid/share/errors/templates >> email_err_data on >> >> client_db on >> coredump_dir /var/squid/cache > Amos -- Best regards, Farhad mailto:inara.ibragimova@xxxxxxxxx