Le lundi 26 avril 2010 18:16:50, Luis Daniel Lucio Quiroz a écrit : > Hi, > > i'm having this problem. It is related with parent proxy configuration. > > My configuration is this (squid 3.1.1) > > > auth_param basic program /usr/lib64/squid/squid_db_auth -- > dsn=DBI:mysql:joomla:localhost --user=root --table=jos15_users -- > usercol=username --passwdcol=password --cond=block=0 --plaintext > auth_param basic children 5 > auth_param basic realm AstraTurbo > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > # > # Recommended minimum configuration: > # > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl localhost src ::1/128 > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 > acl to_localhost dst ::1/128 > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) > machines acl usernet src 201.144.93.163 # LDLQ@work > acl usernet src 187.152.46.116 > acl usernet src 70.82.196.169 # Jonathan's Hotel > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > acl POST method POST > acl proxy_users proxy_auth REQUIRED > acl HTTPS_url url_regex ^https:// > acl Astraqom_Cert ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH > acl me myportname 3130 > # > # Recommended minimum Access Permission configuration: > # > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow me > http_access allow proxy_users > #http_access allow usernet > http_access allow localhost > ssl_bump allow all > sslproxy_cert_error allow HTTPS_url > sslproxy_cert_error allow Astraqom_Cert > sslproxy_cert_error allow all > # And finally deny all other access to this proxy > http_access allow localhost > # Squid normally listens to port 3128 > http_port 3130 transparent name=3130 > http_port 3128 sslBump cert=/etc/openvpn/turbo.astraqom.ca.crt.pem > key=/etc/openvpn/turbo.astraqom.ca.key.pem > # We recommend you to use at least the following line. > hierarchy_stoplist cgi-bin ? > # Uncomment and adjust the following to add a disk cache directory. > #cache_dir ufs /var/spool/squid 100 16 256 > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > shutdown_lifetime 5 seconds > cache_effective_user squid > cache_effective_group squid > cache_peer 127.0.0.1 parent 8080 0 no-query no-digest default > name=ziproxy proxy-only > always_direct allow HTTPS_url > never_direct allow !CONNECT !POST > ecap_enable on > ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip > loadable_modules /usr/lib64/ecap_adapter_gzip.so > acl GZIP_HTTP_STATUS http_status 200 > adaptation_access gzip_service allow GZIP_HTTP_STATUS > visible_hostname turbo.xxxxx.cccc > > Look i'm havving a ziproxy parent. And I have 2 ports, 3128 an > authenticated port, and 3130 a transparent one. Authenticate pord works > okay. but transparent. > > I got this logs: > > ==> /var/log/squid/access.log <== > 1272294299.407 104 10.24.250.6 TCP_MISS/502 5225 GET > http://www.microsoft.com/isapi/redir.dll? - ANY_PARENT/ziproxy text/html > > ==> /var/log/squid/cache.log <== > 2010/04/26 11:04:59| WARNING: HTTP: Invalid Response: Bad header > encountered from http://www.squid-cache.org/Artwork/SN.png AKA www.squid- > cache.org/Artwork/SN.png > > > Ifi turn off cache_peer and direct sentences then transparent works. I'm > pretty shure it is a squidissu and not ziproxy because i dont get anything > in ziproxy log just in squid. > > Any comment? > > LD never mind it was a stupid fix
