Search squid archive

Re: Time-based oddity that I can't quite nail down...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kurt Buff wrote:
On Thu, Nov 12, 2009 at 16:49, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
The squidclient tool fits into the niche gap between telnet and lynx.
Allowing a simple input of the request URL and optional other details and
producing a dump of the results. It has no large dependencies.

To test through the proxy:
 squidclient http://example.com/

To test without proxy:
 squidclient -h example.com -p 80 /

I am unable to perform the test as described. I seem to have a
configuration issue in Squid, as I get the error output listed below
when trying issuing, for example, 'squidclient http://www.example.com'
- but 'squidclient -h example.com -p 80 /' works just fine. I'm not
sure what to change in squid.conf to fix this. The IP address of the
is in the 192.168.8.0/24 subnet, if that matters.

Ah, yes. You don't allow localhost access to the proxy.

In which case for you it is:
  squidclient -h $PROXYIP http://example.com/



Kurt

<snip>

----------Begin Squid.conf-----------
http_port 3128
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_mem 1536 MB
cache_dir aufs /squid 54476 512 1024

logformat combined %>a %>A %<A [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss

access_log syslog combined
access_log /usr/local/squid/logs/access.log combined
logfile_rotate 90

acl QUERY urlpath_regex cgi-bin \?
# acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8 192.168.8.0/24 192.168.10.0/24
192.168.11.0/24 192.168.12.0/24 192.168.13.0/24 192.168.15.0/24
192.168.24.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

localnet is the 3.x name for our_networks. You can use your "our_networks" list and drop the other out of the config entirely.

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Header_access lines below added to alleviate issue with downloading PDFs
# 2009-05-12
request_header_access Unless-Modified-Since deny all
request_header_access Translate deny all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access deny all

The above "http_access deny all" entry prevents all following http_access lines from ever working.

http_reply_access allow all
http_access allow localnet
http_access deny all

Same again here on this one.


# MSN Messenger

acl msn urlpath_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type application/x-msn-messenger

http_access allow msnd
http_access allow msn
http_access allow msn1

icp_access allow localnet
icp_access deny all

htcp_access allow localnet
htcp_access deny all

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0

Please use the pattern:
  -i (/cgi-bin/|?)

refresh_pattern .               0       20%     4320
visible_hostname zsquid2.mycompany.com
icp_port 3130
coredump_dir /usr/local/squid/cache
----------End Squid.conf----------

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux