On 30/07/11 09:49, Ragheb Rustom wrote:
Hi Andrei, I think http_port should says the following as it is written in documentation that "transparent" use is being deprecated. So for transparent proxying this line should be as follows: http_port 3128 intercept As well you need to do some iptables configuration as just programming squid as being transparent by itself does not throw http traffic from clients transparently to squid. Please send your iptables configuration if possible to have a look. Sincerely, Ragheb Rustom Smart Telecom S.A.R.L -----Original Message----- From: Andrei [mailto:funactivities@xxxxxxxxx] Sent: Friday, July 29, 2011 11:22 PM To: squid-users@xxxxxxxxxxxxxxx Subject: The server closed the connection without sending any data. If proxy info is entered manually in the browser, caching works OK. If LAN clients are sent transparently to the proxy, an error message in Google Chrome: Error 324 The server closed the connection without sending any data. Mozilla Firefox displays a blank page. Strangely enough I don't see anything in the squid access.log when LAN clients are forced by the router to transparent cache... I'm running: Squid Cache: Version 3.1.6 Debian stable 6.0.2.1 DualXeon 3GhZ, 250GB SCSI, 4GB RAM Config file: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 172.16.0.0/21 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT request_header_max_size 15824 KB request_body_max_size 15824 KB reply_header_max_size 15824 KB reply_body_max_size 15824 KB http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access allow all icp_access allow all
drop icp_access - feature is disabled.
htcp_access allow all
drop htcp_access - feature is disabled.
http_port 3128 transparent hierarchy_stoplist cgi-bin ?
drop this hierarchy_stoplist
cache_mem 1024 MB cache_dir ufs /var/spool/squid3 40960 16 256 coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 40% 40320 icp_port 0
remove icp_port - that is default.
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320 refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
Remove all these unusable refresh_pattens to simplify the config. Or move them about the default "." pattern so they start to actually work. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10