Search squid archive

Squid DG Sandwich: Squid3 (auth/no proxy) -> DansGuardian -> Squid3 (no auth/proxy)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(Sorry posted in html format by mistake which removed all endlines... didn't
see a way to edit my first post)

I am trying to get this setup working and am having a problem:
Client -> Squid3 (auth/no proxy):3030 -> DansGuardian:8080 -> Squid3 (no
auth/proxy):3128 -> Internet

It is working (username is passing etc)  but pages are taking over a min to
load

I believe I am having trouble between Squid3 (auth/no proxy):3030 ->
DansGuardian:8080

Basically:
1) if I connect directly to Squid3 (no auth/proxy):3128 I work well (even if
I add in authentication)
2) if I connect directly to DansGuardian:8080 -> Squid3 (no auth/proxy):3128
I work well

When I connect to Squid3 (auth/no proxy):3030 -> DansGuardian:8080 -> Squid3
(no auth/proxy):3128 performance basically halts.  Even if I start Squid3
(auth/no proxy):3030 it seems to severely effect performance.

I tried to delete all the extra config/comment lines.... and here is the
config I'm left with (which I am currently working with):

Squid3 (auth/no proxy):3030 (entire file shown)
squid-auth.conf:

auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on
cache_peer 127.0.0.1 parent 8080 0 no-query login=*:nopassword

acl AUTHENTICATED proxy_auth REQUIRED
http_access deny !AUTHENTICATED
http_access allow all

http_port 3030
cache_dir null /dev/null
access_log /var/log/squid3-auth/access.log squid
cache_log /var/log/squid3-auth/cache.log
cache_store_log /var/log/squid3-auth/store.log
pid_filename /var/run/squid3-auth.pid
coredump_dir /var/spool/squid3-auth


DansGuardian:8080   (only what i changed....I really didn't change much, but
the last 2 lines I put in)
dansguardian.conf:

filterip =     (I have also used 127.0.0.1, but for testing have left it
blank)
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128

accessdeniedaddress = 'http://webfilter.example.com/cgi-bin/dansguardian
.pl'
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'

Squid3 (no auth/proxy):3128 (entire file shown)
squid.conf:

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
ttp_access allow all
icp_access deny all
htcp_access deny all
http_port 3128
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440    20%     10080
refresh_pattern ^gopher: 1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern . 0       20%     4320

A little more detail: I am running this on 1 ubuntu 10.04 lucid lynx server,
I am using kerberos to authenticate.  I am trying to just get a basic setup
going where dansguardian will do all the filtering and reporting.

Any help/direction would be greatly appreciated!!!!!
-- 
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-DG-Sandwich-Squid3-auth-no-proxy-DansGuardian-Squid3-no-auth-proxy-tp3311846p3311849.html
Sent from the Squid - Users mailing list archive at Nabble.com.


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux