Re: 3.1.x compile errors using ssl_crtd

On 30.05.2012 09:23, Linos wrote:
On 29/05/12 19:32, Eliezer Croitoru wrote:
On 29/05/2012 17:23, Linos wrote:
On 29/05/12 15:43, Eliezer Croitoru wrote:
Well, I have tried compiling squid 3.2.0.17 and it was built fine.

I wrote a basic way to compile squid on Ubuntu 10.04 and 12.04 with all the dev
dependencies required to compile it at:

http://ubuntuforums.org/showpost.php?p=11958889&postcount=2

Eliezer


I am using squid-3.2.0.17-20120527-r11561 (the last daily build) right now, it compiles cleanly but have any bugs (well it is a beta version so it isn't
unexpected), I have reported one at
http://bugs.squid-cache.org/show_bug.cgi?id=3556

So I can't compile stable versions and beta versions have bugs; given this is a
production machine I still don't have a working solution.

Regards,
Miguel Angel.
As I wrote, I have compiled the stable versions without any problem.
Can you share your squid.conf?

Eliezer


You wrote that you compiled 3.2.0.17; as you can see at
http://www.squid-cache.org/Versions/, 3.2.0.17 is a beta version.
Like I wrote, I have compiled this too and found any bugs in it.

What do you mean by "found any bugs"? I assumed it was a typo of "many bugs" earlier, but you have been using it consistently across multiple emails.


I am not sure what the value of squid.conf is in a compilation problem, but
anyway these are the uncommented lines:



Small audit check, not related to your current problems ...


external_acl_type request_body children-max=20 %{Content-Length} /etc/squid3/request_body_max_size.sh
acl request_max_aulas external request_body 104857
acl srv_aulas src 192.168.2.200/32
acl oficinas src 192.168.0.0/24
acl aulas1 src 192.168.2.0/24
acl aulas2 src 192.168.3.0/24
acl wifi_alumnos src 192.168.4.71-192.168.4.254/32
acl wifi_profesores src 192.168.4.1-192.168.4.70/32
acl hostsprohibidos src "/etc/squid3/hostsprohibidos"
acl urlaprobadas url_regex -i "/etc/squid3/urlaprobadas"
acl urlprohibidasaulas url_regex -i "/etc/squid3/urlprohibidasaulas"
acl urlprohibidasoficinas url_regex -i "/etc/squid3/urlprohibidasoficinas"
acl extensionesprohibidas url_regex -i "/etc/squid3/extensionesprohibidas"
acl whitenet src "/etc/squid3/whitehosts"
acl maniana time SMTWHFA 06:00-16:00
acl tarde time SMTWHFA 16:00-23:59 00:00-06:00
acl extensionestarde url_regex -i "/etc/squid3/extensionestarde"
acl msnmsg url_regex ^http://gateway\.messenger\.hotmail\.com/gateway/gateway\.dll
acl msnmsg url_regex ^http://64\.4\.[^/]*/gateway/gateway\.dll
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny aulas1 request_max_aulas
http_access deny aulas2 request_max_aulas


NOTE: CONNECT requests should never have a specific content-length size. They are tested by the http_access ACLs prior to ssl-bump unwrapping them. Look carefully at what your request_max_aulas helper does when it receives "-" or no content-length. If it rejects a CONNECT it will be blocking ssl-bump from operating on that tunnel request.


http_access allow whitenet
http_access allow all urlaprobadas
http_access allow oficinas !urlprohibidasoficinas
http_access allow wifi_alumnos !urlprohibidasoficinas
http_access allow wifi_profesores !urlprohibidasoficinas
http_access allow aulas1 maniana !msnmsg !hostsprohibidos !urlprohibidasaulas !extensionesprohibidas
http_access allow aulas2 maniana !msnmsg !hostsprohibidos !urlprohibidasaulas !extensionesprohibidas
http_access allow aulas1 tarde !msnmsg !hostsprohibidos !urlprohibidasaulas !extensionestarde
http_access allow aulas2 tarde !msnmsg !hostsprohibidos !urlprohibidasaulas !extensionestarde
http_access deny all


hint 1) aulas1 and aulas2 are an identical type of ACL, and are always listed in identical pairs of http_access or delay_access lines. You can improve the proxy service time by merging both IP ranges into one ACL name and dropping all the duplicated ACL testing.

hint 2) "!msnmsg !hostsprohibidos !urlprohibidasaulas !extensionesprohibidas" are also the same type and only used together. You can merge all of them into one ACL, same as above.
HOWEVER, they are url_regex, which is one of the slowest ACL types. You should consider splitting the file entries out into a dstdomain or other faster ACL types where possible.


http_port 3128 transparent

"intercept".

http_port 3150 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/cert.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid_ssl_db -M 16MB
sslcrtd_children 16
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid3 15000 16 256
maximum_object_size 40960 KB
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	4320
store_avg_object_size 50 KB
delay_pools 2
delay_class 1 2    # pool 1 is a class 2 pool
delay_class 2 2    # pool 2 is a class 2 pool
delay_access 1 allow oficinas
delay_access 1 allow wifi_profesores
delay_access 1 deny all
delay_access 2 allow wifi_alumnos
delay_access 2 allow aulas1
delay_access 2 allow aulas2
delay_access 2 deny all
delay_parameters 1 2500000/3125000 1024000/1296000
delay_parameters 2 2500000/3125000 512000/600000
delay_initial_bucket_level 90
dns_nameservers 80.58.61.250 8.8.8.8


Regards,
Miguel Angel.
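
An added example, not part of the original thread and not the poster's request_body_max_size.sh (its contents are not shown): a helper for the request_body external ACL that treats the "-" Squid sends for a missing Content-Length as "no match", so the deny rules on request_max_aulas never hit a CONNECT. The function names and the --serve flag are this example's own, and matching on a malformed value is an assumed policy choice.

```shell
#!/bin/sh
# Hypothetical external ACL helper (added example; NOT the poster's
# /etc/squid3/request_body_max_size.sh, whose contents are not shown).
# Per lookup Squid writes one line: the %{Content-Length} value, then the
# argument from the acl line (the limit). A missing header arrives as "-".
#   OK  = ACL matches, so "http_access deny ... request_max_aulas" fires
#   ERR = no match, the request carries on down the http_access list
# Assumes no concurrency= option, so lines carry no channel ID.

# check_length LENGTH LIMIT -> prints OK or ERR
check_length() {
    length=$1
    limit=$2
    case $limit in
        ''|*[!0-9]*) echo ERR; return ;;   # unusable limit: never match
    esac
    case $length in
        ''|-) echo ERR; return ;;          # no body size (CONNECT, GET, ...)
        *[!0-9]*) echo OK; return ;;       # malformed value: fail closed
    esac
    # Drop leading zeros so the digit count below is meaningful.
    while [ "${length#0}" != "$length" ]; do length=${length#0}; done
    [ -n "$length" ] || length=0
    # More than 18 digits would overflow shell arithmetic; a body that
    # large is over any practical limit.
    if [ "${#length}" -gt 18 ]; then echo OK; return; fi
    if [ "$length" -gt "$limit" ]; then echo OK; else echo ERR; fi
}

# serve: answer lookups from stdin until Squid closes the pipe.
serve() {
    while read -r length limit rest; do
        check_length "$length" "$limit"
    done
}

# Wire up as ".../helper.sh --serve" (the flag is this example's own).
if [ "${1:-}" = "--serve" ]; then serve; fi
```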


