On Mon, 30 Aug 2010 09:58:03 -0700, Darren <mister.raven@xxxxxxxxx> wrote: > I've been made aware of an issue with viewing streaming media files > off of sites like cbc.ca where the video files simply will not load > and play. > > I am using squid and dansguardian. If I proxy directly through squid > and skip dansguardian, the videos stream fine. If I go through > dansguardian, the videos will not stream. HTTP, SHOUTcast/ICY or RTSP streams? > > I can, however, stream video from youtube just fine through dans and squid. These are HTTP streams (aka just a big file download with range requests). > > I think that my issue is with dansguardian not dealing with the java > script files on the loading pages properly, so I've allowed certain > mime types through dans. Unfortunately this has not met with success. > > Has anyone else had this experience or able to recommend an avenue to > explore? Your Squid config file as posted belies your claim of using DG. You both do NAT interception directly into Squid (ie bypassing DG at the firewall) and use always_direct to prevent any cache_peers (ie a DG sitting behind Squid) being used. > > Squid.conf > > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > maximum_object_size 4 GB > store_avg_object_size 50 KB > half_closed_clients off > quick_abort_min -1 KB > > http_access allow manager localhost > #http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > icp_access deny all > htcp_access deny all > http_port 207.102.59.150:3128 transparent Either you are receiving traffic from a NAT firewall or from DansGuardian. Which is it? Accepting both on the same port opens you wide to CVE-2009-0801. > hierarchy_stoplist cgi-bin ? > access_log /var/log/squid/access.log squid > logfile_rotate 10 > cache_store_log none > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > icp_port 3130 > coredump_dir /var/spool/squid > > dns_nameservers 208.67.222.222 208.67.220.220 > > redirect_rewrites_host_header off > cache_replacement_policy heap GDSF > cache_effective_user squid > cache_effective_group squid > cache_mem 300 MB > cache_dir ufs /var/spool/squid 2000 16 256 > > emulate_httpd_log on Please use the tag "common" (Apache format) instead of "squid" (Squid format) at the end of your access_log directive instead of emulating. > > visible_hostname Proxy Please use an FQDN here. It's used in things like automatic loop detection and by other administrators to track down your contact details. > > always_direct allow all > acl our_networks src xxx.xxx.xx.xxx > http_access allow our_networks
