Hi List, I'm trying to get access to me.com working on my test proxy, but I keep getting a timeout in my browsers: (110) Connection timed out. Access log shows TCP_MISS/503. I have tried disabling various things to see if I can get it working: authentication, send direct â even allow all at the top but no joy. On 3stable20 I've had this working ok.. Any help/pointers gratefully received, Thanks === Squid 3.1.8 conf: http_port 8080 auth_param negotiate program /usr/lib/squid/squid_kerb_auth -r auth_param negotiate children 120 startup=70 idle=10 auth_param negotiate keep_alive on auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 60 startup=20 idle=5 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 20 startup=10 idle =2 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours authenticate_ttl 1 hour cache_mem 1024 MB fqdncache_size 2048 ipcache_size 2048 ipcache_low 90 ipcache_high 95 maximum_object_size_in_memory 100 KB max_filedesc 8072 cache_peer [omitted] parent 8080 0 no-query proxy-only no-digest default cache_mgr [omitted] cachemgr_passwd [omitted] all client_persistent_connections on #server_persistent_connections on persistent_connection_after_error on ## LOG LOCATIONS access_log /var/log/squid/access.log squid cache_store_log none squid cache_log /var/log/squid/cache.log squid ## USER-AGENT (Browser-type) ACLs acl Java_jvm browser "/etc/squid/ACL/USERAGENTS/USER-AGENTS_JAVA.txt" acl iTunes browser "/etc/squid/ACL/USERAGENTS/USER-AGENTS_APPLE.txt" acl MSNMessenger browser "/etc/squid/ACL/USERAGENTS/USER-AGENTS_MSN.txt" ## USER AUTHENTICATION ACLs acl AuthenticatedUsers proxy_auth REQUIRED ## URL DESTINATION ACLs acl URL_ALLOWDstDomains dstdom_regex "/etc/squid/ACL/URL/URL_ALLOWDstDomains.txt" ## URL Regex acl URL_AllowRegex url_regex -i "/etc/squid/ACL/URL/URL_ALLOWRegex.txt" ## IP ACLS ## acl CLIENTIP src "/etc/squid/ACL/IPADDRESSES/IP_CLIENTIP.txt" ## Windows Update ACLS acl WSUS_IP src 172.16.10.127 # LAN IP ACLs acl 172SUBNETS src 172.16.0.0/16 acl SERVERSUBNETS src 172.16.10.0/24 acl SERVERSUBNETS src 172.16.100.0/24 # Blocks CONNECT method to IP addresses (Blocks Skype amongst other things) acl StopDirectIP url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ # MSN Messenger Allow IP ACL acl IP_MSNMessenger src "/etc/squid/ACL/IPADDRESSES/IP_MSNMESSENGER.txt" # SEND DIRECT ACLs acl SENDDIRECT_DstDomains dstdom_regex "/etc/squid/ACL/SENDDIRECT/SENDDIRECT_DSTDOMAINS.txt" acl SENDDIRECT_IPAddresses src "/etc/squid/ACL/SENDDIRECT/SENDDIRECT_IPADDRESSES.txt" # CONNECT Method Direct IP ACLs acl IP_CONNECTALLOW src "/etc/squid/ACL/IPADDRESSES/IP_CONNECTALLOW.txt" ## LOCALHOST ACLs acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/8 ## CACHEMGR ACL acl manager proto cache_object ## PORTS ACLs acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 8080 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl RTMP_ports port 1935 # RTMP # CONNECTION METHOD ACL acl CONNECT method CONNECT acl POST method POST ######### ICAP SERVER ######### ## ICAP-specific ACLs - required to be placed before ICAP settings acl ICAP_BYPASS dstdom_regex "/etc/squid/ACL/ICAP/ICAP_BYPASS_URL.txt" ## ICAP Settings icap_enable on icap_preview_enable on icap_persistent_connections on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_client_username_encode on icap_service ss reqmod_precache 0 icap://localhost:1344/ssreqmod icap_service_revival_delay 60 adaptation_service_set c1 ss adaptation_access c1 deny ICAP_BYPASS # We don't check for auth for these either, so no point sending them to ICAP adaptation_access c1 deny POST #adaptation_access c1 deny CONNECT adaptation_access c1 deny URL_ALLOWDstDomains adaptation_access c1 deny URL_AllowRegex adaptation_access c1 deny CLIENTIP adaptation_access c1 deny WSUS_IP adaptation_access c1 deny iTunes adaptation_access c1 deny Java_jvm # Check everything else adaptation_access c1 allow all ## CACHEMGR ALLOW http_access allow manager 172SUBNETS ## GLOBAL DENY RULES http_access deny !Safe_ports http_access deny to_localhost http_access deny !SSL_Ports !172SUBNETS CONNECT http_access deny !SSL_Ports !RTMP_ports !172SUBNETS POST http_access deny 172SUBNETS !IP_MSNMESSENGER MSNMessenger http_access deny !IP_CONNECTALLOW StopDirectIP http_access deny !172SUBNETS iTunes http_access deny !172SUBNETS Java_jvm # USER AGENTS ALLOW # http_access allow 172SUBNETS iTunes http_access allow 172SUBNETS Java_jvm # URL and IP DESTINATIONS NOT REQUIRING AUTHENTICATION http_access allow URL_ALLOWDstDomains http_access allow URL_ALLOWRegex http_access allow CLIENTIP http_access allow WSUS_IP #Auth http_access allow AuthenticatedUsers ## SEND DIRECT ALLOW always_direct allow SENDDIRECT_DstDomains always_direct allow SENDDIRECT_IPAddresses ## LOCAL HOST ALLOW ## http_access allow localhost ###### CATCH ALL DENY ###### never_direct allow all snmp_access deny all #cache deny all http_access deny all -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/me-com-TCP-MISS-503-tp3319397p3319397.html Sent from the Squid - Users mailing list archive at Nabble.com.
