DanC wrote:
List,
I have recently setup Squid for the first time. I work for a small school
and our goal is to use a machine running Squid, Dan's Guardian, Shorewall
and a few other things to make an effective filter to protect our students
and keep our parents happy.
Good luck. The cynic in me says "pick any two, the other one is not
really happening".
So far, everything works wonderfully with Squid
proxying transparently. Everyone can get where they need to go and not get
where they shouldn't go. In general we are quite happy with this setup.
We do have one problem though. We use a browser based curriculum on web
servers somewhere 2000 miles away from us. These servers require a constant
connection to the browser, apparently to prevent cheating. When the
If so they are wrong. A standard connection has nothing to do with
identification of the individuals using it. Simply using Squid you have
broken such tracking and will be pushing requests from all your active
students in an overlapping random manner down a much smaller number of
server connections.
But not much you can do about that, nor much reason to care either.
workstations are connected through my squid box, they give "Connection lost"
errors after 5-10 minutes even though I can continuously ping the whole time
without any dropped packets. Connecting to the internet directly through
our old firewall works fine and the connections don't get lost.
So far I have tried using "cache" and "always_direct" to fix my symptoms,
"cache" only really sets stricter than normal boundaries on things not
to be stored.
"always_direct" only prevents cache_peer entries being used to fetch data.
but have been unsuccessful. Does anyone know what I might be missing?
These are what you need to be looking at, in order of relevance to your
usage:
http://www.squid-cache.org/Doc/config/server_persistent_connections/
http://www.squid-cache.org/Doc/config/persistent_connection_after_error/
http://www.squid-cache.org/Doc/config/client_persistent_connections/
http://www.squid-cache.org/Doc/config/pconn_timeout/
Also, the latest Squid release you can use will also be important. We
are incrementally improving HTTP/1.1 support on an ongoing basis.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.6
Beta testers wanted for 3.2.0.1