Hi all,
I've squid-2.6.STABLE22-1.el5 installed on an Intel Pentium D box on
RHEL5. There are two main problems with this setup:
1. When I restart squid, it takes an uncertain amount of time to come
up! ranging from a minute to unlimited (till I restart again).
2. Even when startup successfully, on some clients it stops responding
for a while and pressing F5 continously for some time opens the page and
sometimes open the page without images & in distorted form.
I have tried 3 different versions of squid to remove the doubt about a
particular build's problem. I've tried squid-3.0.STABLE16-1.el5,
squid-2.7.STABLE6-1.el5 and now squid-2.6.STABLE22-1.el5. But no luck! I
am using squid in conjunction with Shorewall and shorewall has been
working just fine since last 3 years on same system.
Any idea what might be going wrong? Further, can anybody suggest best
suited distro to use for this purpose? Someone here suggested SUSE
Enterprise but I haven't given it a try though as yet. Squid.conf is below:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
acl Super_Users src "/etc/squid/custom_acls/super_users.acl"
acl Local_Network src "/etc/squid/custom_acls/local_network.acl"
acl Servers_Range src "/etc/squid/custom_acls/servers_range.acl"
acl Non_Restricted_Group src
"/etc/squid/custom_acls/non_restricted_group.acl"
acl ISP_Users src "/etc/squid/custom_acls/gerrys_103_users.acl"
acl Temporary_Users src "/etc/squid/custom_acls/temporary_users.acl"
acl Blocked_Sites dstdomain "/etc/squid/custom_acls/blocked_sites.acl"
acl Blocked_Extensions urlpath_regex -i
"/etc/squid/custom_acls/blocked_extensions.acl"
acl Working_Hours time MTWHF 9:00-19:00
acl Download method GET
acl Multimedia_Request req_mime_type -i ^application/x-msmetafile$
acl Multimedia_Request req_mime_type -i application/x-msmetafile
acl Multimedia_Reply rep_mime_type -i -i ^application/x-msmetafile$
acl Multimedia_Reply rep_mime_type -i -i application/x-msmetafile
acl Multimedia_Reply rep_mime_type -i video/x-ms-asf
acl Media_Reply_UrlPath_Regex urlpath_regex \.(afx|asf|asr|asx)(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/flv video/x-flv
acl Media_Reply_UrlPath_Regex urlpath_regex \.flv(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/mp4
acl Media_Reply_UrlPath_Regex urlpath_regex \.mp4(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/x-msvideo
acl Media_Reply_UrlPath_Regex urlpath_regex \.avi(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/x-la-asf
acl Media_Reply_UrlPath_Regex urlpath_regex \.(lsf|lsx)(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/quicktime
acl Media_Reply_UrlPath_Regex urlpath_regex \.(qt|mov)(\?.*)?$
acl Multimedia_Reply rep_mime_type -i video/mpeg
acl Media_Reply_UrlPath_Regex urlpath_regex
\.(mp2|mpa|mpe|mpeg|mpg|mpv2)(\?.*)?$
acl Multimedia_Reply rep_mime_type -i ms-hdr
acl Multimedia_Reply rep_mime_type -i x-fcs
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow Super_Users
http_access deny Blocked_Extensions Working_Hours Download
http_access deny Blocked_Sites Working_Hours
http_access deny Multimedia_Request Working_Hours
http_access deny Media_Reply_UrlPath_Regex Working_Hours
http_access allow Servers_Range
http_access allow Temporary_Users
http_access allow ISP_Users
http_access allow localhost
http_access deny all
http_reply_access allow Multimedia_Reply Super_Users
http_reply_access deny Multimedia_Reply Working_Hours
icp_access allow all
http_port 46095 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 999 MB
cache_dir aufs /var/spool/squid 30720 16 256
cache_swap_low 90
cache_swap_high 92
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
shutdown_lifetime 5 seconds
visible_hostname 103_gateway
coredump_dir /var/spool/squid
--
Regards,
Asim Ahmed Khan
IT Manager,
Folio3 (Pvt.) Ltd. www.folio3.com
Direct: 92-21-4323721-4 Ext 110
Email: aahmed@xxxxxxxxxx
